SMiShing is a security attack in which the user is tricked into downloading a Trojan horse, virus or other malware onto his or her cellular phone or other mobile devices. SMiShing is short for "SMS phishing."
SMiShing works like this: A cell phone user will receive an SMS message along the lines: "We're confirming you've signed up for our dating site/user site/membership program. You will be charged $1/day unless you cancel your order. www.smishinglink.com." (This is an example and was not a real URL at the time of writing)
This phenomenon "SMiShing" (phishing via SMS), is yet another indicator that cell phones and mobile devices are becoming increasingly used by perpetrators of malware, viruses, and scams.
While some might recognize this as a scam, many unsuspecting users do not. Fearful of incurring premium rates on their cell phone bill, they visit the web site highlighted in the message. Once they arrive at the URL, they are prompted to download a program which is actually a Trojan horse that turns the device into a zombie, allowing it to be controlled by a hacker. The computer then becomes part of a bot network, which can then be used to launch denial of service best practices. To protect mobile devices, security management should include:
- Policies that help to address phishing
- Security software to address viruses and other malware
- A way to use over-the-air updates to re-image devices and recover data
Users are advised to be as vigilant about security for their mobile devices as they are for desktop computers.
Learn more about our cyber security services. Don’t hesitate to contact us with any questions you might have about pricing, implementation or cyber security strategy.