Skip to main content

Smishing sounds funny, but it’s a serious threat to your phone’s security

smishing example on phone
Image used with permission by copyright holder

Phishing remains a serious security problem. According to some reports, one in every 101 emails are malicious and most of those use some form of phishing as a primary scamming tactic. Most people are aware of phishing, but we only look out for threats when checking email.

Criminals, however, are one step ahead. Security experts say phishing has come full-force to texting, and it carries even more potential danger than it does through email.

Recommended Videos

Breaking the myths about phones

A lot of effort goes into securing our smartphones, whether it’s passcodes, fingerprint scanners, or even facial recognition. Like the security system of a car, we assume this keeps the bad guys out and our personal data safe. But when someone falls for a phish scam over text, they are willingly handing over the keys to their car, often without knowing it.

insecure
(in)Secure, a weekly column, follows the trends, and screw-ups, you need to know about. We’ll touch on topics ranging from the laws behind cyber security, to the latest major breaches, to new methods that can help keep your data safe or, at least, minimize the damage.

“It’s pretty much the old phishing techniques applied to mobile text messages instead of email,” Ruby Gonzalez told Digital Trends. She’s the Communications Director at NordVPN. The company recently published a report attempting to raise awareness about how the situation has gone from bad to dire. The report calls it “smishing,” or SMS phishing.

“As smartphones get more and more popular, personal use of email is declining,” said Gonzalez. “Not only text messages, but all Facebook messages, and so on. So, people have been getting used to getting all kinds of offers being sent over messages, including links. It’s a new channel. It’s a wider channel for criminals, and they are trying to exploit it in the same way as all other channels that are opening.”

Like how masses of email accounts are collected, Gonzalez says cyber-criminals retrieve phone numbers from databases on the dark web and then try to lure their targets into sharing personal data.

The most common form of this is a text with a link that automatically downloads malware, which can then steal all sorts of different data. Your smartphone knows a lot more about you than your PC, so an installed piece of malware might steal the phone numbers in your contact list and spread the virus in hopes to exponentially multiply. Even important bits of personal data, like banking credentials or your tracking location, can be at risk.

Examples of smishing attempts Image used with permission by copyright holder

Another tactic is to pose as a legitimate and well-known institution, a classic page out of the phishing playbook. In some cases, scammers masquerade as tax authorities, which has become an increasingly worrisome problem in the UK and Canada. During tax season, Gonzalez noted, these sorts of attacks become extremely common. The fact a message comes over text often gives a false sense of legitimacy, as many people don’t know a text message can be a threat.

“They say that the user is due a tax refund or needs to provide some more information,” said Gonzalez. “Basically, they try to get users’ financial information, and that can then be used for stealing their money.”

Whether it’s from your dentist or your library, automated text messages are more common than ever. The more accustomed we are to automated texts, the more opportunity there is for scammers to exploit that familiarity.

The more accustomed we are to automated texts, the more opportunity there is for scammers to exploit that familiarity.

A simple reply to a text message is often all that’s needed to put you in harm’s way. In the US, Gonzalez mentioned shortcodes as a commonly-exploited tactic. These are typically used by organizations like charities, which can send texts directly to supporters and allow them to donate funds with just a one-word response. Scammers have used that same system to steal money right out of people’s bank accounts.

The problem is far more widespread than you might think. According to Gonzalez, more than one and three people in the UK who text have been targeted by a phishing scam in the past six months. Statistics also say fewer than two in five people report a scam when it happens, meaning the real numbers could be even worse.

What can we do about it?

The biggest problem with phishing is that it’s hard to detect. While most people think they’d never fall victim to it, many people do, and don’t realize what’s happened until it’s far too late. As stated above, scammers prey on people’s fears about security or finances. However, there are some practical things you can do to stay one step ahead of scammers.

Related reading

The first is simple. Never click on a link or reply to a text. If you are even slightly suspicious, it’s always better to play it safe. That includes if the call to action is “reply if you want to stop getting these messages.” Try Googling the content of the message if it seems even slightly off.

“Sometimes criminals have huge databases of phone numbers, and if they get a reply, they know the number is active,” said Gonzalez. “So that can actually be counterproductive. If it looks like it comes from a company and it asks for strange things like a password or has a link, find the legitimate number on the internet and call and verify if the message really came from them. Not clicking on any links is a good idea, unless you’re pretty sure it’s coming from a legitimate source.”

Having anti-malware installed on your phone isn’t a bad idea, either. Some people believe that smartphones are less susceptible to malicious software than computers, but Gonzalez is convinced that the opposite was true.

“Having antimalware software for the phone is getting as important as having one on your laptop or desktop computer.”

“There are lots of malware strands that are primarily target phones,” she noted. “Specifically, Android phones, because Android is a more open system. Over the past couple of years there have been scandals with malware-infected apps even in the Google Play Store. Having antimalware software for the phone is getting as important as having one on your laptop or desktop computer.”

Several VPN companies provide additional support in this area,as well. NordVPN has its own feature in its security apps called CyberSec, which the company says is like a content blocker for your entire operating system. It works by checking addresses against the huge database of the company’s blocklists.

Lastly, if you do find yourself in a situation where you think some malware has been downloaded, make sure to protect your data. Change all your passwords, or use an encrypted password manager for maximum security.

Luke Larsen
Luke Larsen is the Senior Editor of Computing, managing all content covering laptops, monitors, PC hardware, Macs, and more.
Intel’s promised Arrow Lake autopsy details up to 30% loss in performance
The Core Ultra 9 285K socketed into a motherboard.

Intel's Arrow Lake CPUs didn't make it on our list of the best processors when they released earlier this year. As you can read in our Core Ultra 9 285K review, Intel's latest desktop offering struggled to keep pace with last-gen options, particularly in games, and showed strange behavior in apps like Premiere Pro. Now, Intel says it has fixed the issues with its Arrow Lake range, which accounted for up to a 30% loss in real-world performance compared to Intel's in-house testing.

The company identified five issues with the performance of Arrow Lake, four of which are resolved now. The latest BIOS and Windows Updates (more details on those later in this story) will restore Arrow Lake processors to their expected level of performance, according to Intel, while a new firmware will offer additional performance improvements. That firmware is expected to release in January, pushing beyond the baseline level of performance Intel expected out of Arrow Lake.

Read more
You can get this 40-inch LG UltraWide 5K monitor at $560 off if you hurry
A woman using the LG UltraWide 40WP95C-W 5K monitor.

If you need a screen to go with the upgrade that you made with desktop computer deals, and you're willing to spend for a top-of-the-line display, then you may want to set your sights on the LG 40WP95C-W UltraWide curved 5K monitor. From its original price of $1,800, you can get it for $1,240 from Walmart for huge savings of $560, or for $1,275 from Amazon for a $525 discount. You should complete your purchase quickly if you're interested though, as there's no telling when the offers for this monitor will expire.

Why you should buy the LG 40WP95C-W UltraWide curved 5K monitor
5K monitors are highly recommended for serious creative professionals, such as graphic designers and filmmakers, for their extremely sharp details and precise colors, and the LG 40WP95C-W UltraWide curved 5K monitor is an excellent choice. We've tagged it as the best ultrawide 5K monitor in our roundup of the best 5K monitors, with its huge 40-inch curved screen featuring 5120 x 2160 resolution, 98% coverage of the DCI-P3 spectrum, and support for HDR10 providing striking visuals that you won't enjoy from most of the other options in the market.

Read more
Generative-AI-powered video editing is coming to Instagram
Instagram on iPhone against a colorful background.

Editing your Instagram videos will soon be as simple as typing out a text prompt, thanks to a new generative AI tool the company hopes to release in 2025, CEO Adam Mosseri announced Thursday.

The upcoming tool, which leverages Meta's Movie Gen model, will enable users to "change nearly any aspect of your videos," Mosseri said during his preview demonstration. Those changes range from subtle modifications, like adding a gold chain to his existing outfit or a hippo in the background, to wholesale alterations including swapping his wardrobe or giving himself a felt, Muppet-like appearance.

Read more