Defenses Against Smishing

This week’s blog is adapted from a recent blog posted by The Identity Theft Resource Center(ITRC).  The ITRC is a non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cyber security, scams/fraud and privacy issues.

Hackers and scammers are top innovators.  They are finding new ways to attach data every day.  With every new platform, software, or app that comes out, someone invariably finds a way to use it to their advantage. The end result can be a breach in your personal security and a loss of your identity.

But with every new form of attack—spoofing, phishing, hacking, and more—the public has to learn about the threat and learn how to protect themselves from it. That’s why staying on top of a new form of security threat is critical to protecting yourself.

There’s a new form of security danger out there, and this one specifically targets your smartphone. Smishing, as the attack is called, uses the hackers’ old favorite—phishing, or sending out emails that entice you to click a link that actually downloads malicious software—to install a Trojan or virus on your phone. As its name implies, smishing comes from “SMS phishing,” as SMS is the acronym that applies to text messages.

Obviously, a smishing attack goes after your device via text message, and it happens when you get a message from an unknown number that offers you some sort of incentive. It might be telling you about a free offer, a coupon, something wrong with your account, or even more likely, it might claim that “your friend” has sent you a game request or message. Unfortunately, the weblink in the text will install malicious software on your phone once you press it.

Unlike viruses of the “olden days” that sought to lock up your computer or disable your files, smishing attacks generally don’t even want you to know they’re there. They want to exist inside your device and continue to feed information back to the hacker, information like your contacts list, your email address book, and any passwords you enter for apps or accounts you use.

While there are antivirus apps available for smartphones, it can be difficult to completely remove malicious software from a smartphone once it’s infected. Depending on the virus, the only available option may be to reset the phone to its factory settings, which will remove all of your content out of the phone. By far, the better option is to avoid installing this type of threat in the first place. Just remember the rule that goes for emails and social media messages, and apply the same smart practice to your mobile device: never click a link that you weren’t expecting.

For more on best practices for identity theft protection, please visit

by Judith