Skip to content

‘Tis the season not to get smished!

 

We all hope to have some peace and quiet during the holiday season, not just in the physical world, but also in the digital one. But we got used to using our devices for ordering presents online, communicating with family through video chat, and looking for good deals online. And those are exactly the snippets of your time, that cybercriminals take advantage of. 

It´s no wonder there is a surge of holiday-themed SMS phishing or smishing. According to Proofpoint research, instances of smishing doubled in 2021 in comparison to 2020 during the holiday season. Most of the texts sent during this time are related to delivery or retail messaging. Cybercriminals pray on Black Friday, Cyber Monday and other retail-important events, but also deliveries post purchase. But why exactly do they choose SMS as their threat vector?

Text messages are easier than email, since they can be short, and what´s more, text messages have a 98% open rate, and 95% of texts are opened and responded to within the first three minutes of its delivery. And what is even more, the chance of a person being cautious with a text compared to an email is much lower. The click through rate for text messages is eight times higher than email, and yet less than 35% of the population knows smishing exists.

These text messages claim to be good deals, or delivery information for a non-existent package. And since many people order not just one package from just one online store, they don’t always give it much thought as to what this particular item might be. These smishing texts contain a click-through link to a landing page attempting to steal your personal information.

So what exactly would a smishing message look like?

There are certainly some characteristics to look out for.

  • Unfamiliar sender – this may be an unknown or strange-looking number
  • Urgency – just like traditional email phishing campaigns, smishing messages urge you to act quick, or your package will be returned to sender, or the offer deal is about to end
  • Links – links to landing pages and sites where you are expected to enter your personal information
  • Requests – they may often request you to provide personal or financial details

How not to become a smishing victim?

First of all, think twice before clicking on any links and requests, is a great rule of thumb for your cybersecurity in general. But more specifically, when receiving an unknown or suspicious text message, do not click on any links, reply to the message or provide any personal information. Instead, either ignore or completely delete the message. And if you are still not sure if the message is real or not, search for the organization, government body or e-store online, contact them, and assure yourself of the legitimacy of said message

Best cybersecurity gift

To make your life easier, and this season more peaceful, give yourself the gift of cybersecurity and opt for a good mobile security solution. ESET Mobile Security aims to provide a safe environment for you to enjoy time with loved ones without worrying about your digital safety.

The solution aims to protect and secure your device from criminal activity using manipulation of users, known as social engineering, into gaining access to sensitive data such as bank account credentials, card numbers, PIN numbers, usernames and passwords.

The anti-phishing protection feature is now bolstered by a new Anti-smishing feature. This defends and warns the user against any messages containing malicious links after delivery, making sure you are protected even before opening the message and any links the message might contain.

We recommend you turn this feature on from its default off state, to ensure you are fully protected, especially during quality time with loved ones. All malicious websites, listed in our ESET malware database, will be blocked and a warning notification will be displayed informing you of the attempted attack.

ESET Mobile Security makes your Android phones and devices easy to find and harder to steal, as well as helping to protect your valuable data. ESET is already trusted by millions of users around the world to keep their data safe. ESET helps protect the Google Play store and is trusted by millions of users like you around the world, and is dedicated to the online safety and education of children and their parents. Click here to find out more.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.