We all know about phishing attacks, but hackers also use a similar method called “smishing” to trick people. Smishing uses text messages (SMS) to spread malware and steal information from smartphones. According to recent reports, hackers are using this method more often.
The cybersecurity company Kaspersky says hackers are spreading dangerous malware called “Roaming Mantis” in Europe and Asia through smishing attacks. This problem is growing worldwide.
You can learn more about the Roaming Mantis smishing campaign in a report from Threatpost. No matter which scam it is, the important thing is that smishing is a real threat. You should protect yourself from it, just like you would protect yourself from phishing scams.
What is smishing?
Smishing is similar to phishing, but instead of emails, it uses text messages (SMS). That’s why it’s called “smishing” (SMS + phishing).
Here’s how most smishing attacks work: Hackers send a text that looks real and trustworthy. The text includes a link that opens a fake website. This website may ask you to download an app that secretly installs malware on your device. In the case of Roaming Mantis, the malware is hidden in code that might not be detected by anti-malware programs.
Hackers don’t just use malware in smishing texts. Depending on the company they are pretending to be, the texts might also:
- Link to fake login pages to steal account details.
- Spam you with harmful ads.
- Ask for personal information like your bank card details, Social Security number, or driver’s license number.
No matter the trick, the goal is the same: hackers gain access to your device, accounts, or personal information. Once they have access, they can steal payment information, private photos, and anything else stored on your device.
How to avoid smishing
Smishing is a serious threat, but you can spot and avoid it using the same steps you would to stop phishing or other online scams.
Start by turning on SMS spam filters. Most phone companies, like T-Mobile, AT&T, and Verizon, have spam filters that block some smishing texts. However, these filters don’t catch everything because they react to new scams after they happen. You should also turn on spam filters in your texting apps if you’re using an Android device.
While filters are helpful, they won’t stop all bad messages. The rest is up to you. The most important rule is never open links from unknown numbers or suspicious messages.
This can be tricky because many companies send important links by text, sometimes from random numbers. For example, messages for two-factor sign-ins or password resets might come from a different number each time. So how do you know if a text is real?
Here are some tips to stay safe:
- Only open texts from companies you’re expecting to hear from, like Google, your bank, or public transit.
- Look for signs the text might be fake, such as poor spelling, bad grammar, or words that seem out of place.
- Be cautious of strange requests. Most big companies won’t ask for personal information, send random links, or ask you to install apps through a text.
If you’re not sure if a message is real, call the company directly using their official phone number. They can confirm if the text is legitimate.