Phishing occurs when scammers send emails that appear to have been sent by legitimate, trusted organizations in order to lure recipients into clicking links and entering login data and other credentials. SMiShing is a version of phishing in which scammers send text messages rather than emails; as with phishing emails, the messages appear to have been sent by a legitimate, trusted organization. The terms reference scammers’ strategy of fishing for personal information.
For instance, you could receive an email or text message from someone posing as your credit card company, asking you to confirm your account numbers or passwords. It’s much easier to fall for these tricks on your mobile device because a lot of the things you can do to check if an email is legitimate are not available.
For instance, because of the limited screen space on your mobile device, you probably can’t see a site’s full web address, or an email sender’s full return address. Without being able to see a full address, it’s difficult to tell if the website or sender is legitimate. You also can’t “hover over” a link like you can from your computer and get a preview of a linked word or graphic.
Another factor is the “always on” nature of mobile devices. Most mobile users are more likely to immediately read their email messages and forget to apply their security practices, such as checking to see if an email is from someone they know and if any included links appear real. Because messages are checked continuously, you are more likely to encounter phishing attacks within the first few hours of launch, before security filters have a chance to mitigate the threat.
If you do click on a dangerous search result or stumble upon a malicious webpage, you could wind up accidentally downloading malware onto your phone, or simply run into inappropriate content.
To protect yourself from a mobile phishing scam, follow these tips:
- Don’t click on any links from people or companies you don’t know.
- Even if you do know the person or company who sent the email or text, take the time to double-check a website’s address and make sure that it appears legitimate.
- Be wary of any retail site with deeply discounted prices, and always check other users’ comments and reviews before purchasing online.
- Rather than doing a search for your bank’s website, type in the correct address to avoid running into any phony sites, or use your bank’s official app.
- Use a comprehensive mobile security product such as McAfee® Mobile Security, which offers mobile antivirus protection, safe search, backup and restore functions, call and text filtering and the ability to locate your phone and wipe personal information in the case of loss.
The best protection from this scam is awareness. Once you understand how it works, you are better positioned to recognize mobile phishing and to avoid clicking links within emails or text messages or otherwise responding to such ruses.
Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices on YouTube. (Disclosures)