Examples and precautions of rapidly Increasing Smishing Incidents.
With the rise of new scams, smishing incidents continue to be reported frequently. Unlike in the past, today’s smishing attempts are more sophisticated and realistic, making them harder to detect and more effective at luring people into their traps. Hackers typically send text messages or social networking service (SNS) messages to mobile users that contain malicious app installations or phishing URLs, encouraging users to click on them. They may also send emails that impersonate well-known corporations with attached malicious apps or URLs, or modify legitimate apps and distribute them.Recently, scammers have been using various methods to grab people’s attention, such as:
- Using wedding invitations, baby showers, or other events to impersonate acquaintances
- Posing as a “delivery service” with notifications of delayed delivery or delivery confirmation messages
- Impersonating “public institutions” such as the prosecutor’s office and the police
- Taking advantage of “social issues” such as holidays, national events, and various accidents and incidents
One moment of carelessness can result in significant financial losses and serious harm to personal information security, highlighting the importance of prevention and proper response to these scams.
Smishing is a compound word of SMS and phishing, and refers to a method of stealing financial and personal information by sending a large number of text messages containing malicious app links to mobile phones, then inducing users to install the malicious app or make a call by accessing the URL in the message.According to the National Cyber Security Center in Korea(NCSC), 958,430 smishing attacks were detected by the Korean Internet & Security Agency(KISA) in 2021. That is more than 2.6 times compared to the 364,000 detected numbers in 2019. The number of smishing attacks detected in 2018 was 242,840, and it is reported that the number of smishing attacks is increasing at an even faster pace.Here are some examples of smishing attacks reported around the world.Case #1As SuperBowl LVII approaches, scammers are sending texts to potential victims inviting them to join betting square pools that supposedly support good causes. The messages often include links, usually shortened URLs, that direct users to malicious websites where scammers will attempt to steal their money, login credentials, and personal information.(Source: KOMANDO)Case #2 An international cybercrime ring based in Madrid, consisting of nine members who robbed over €5,000,000 from individuals and companies in North America, has been dismantled by the National Police of Spain and the U.S. Secret Service. (Source: Bleeping Computer)Case #3Over the past few months, there has been a rise in phishing incidents targeting both private companies like telephone companies and public organizations in Portugal. One common tactic used is to spoof the Tax Agency with fraudulent notifications and tax refund offers, among other tactics.(Source: Gearrice)
How to prevent smishing?
The South Korean government’s official policy blog, Policygram, provided information on how to prevent and respond to voice phishing and smishing on February 10th 2023.
- Do not click on internet addresses (URLs) or phone numbers from unknown sources.
- Limit app installation from unknown sources.
- Maintain the latest updates and real-time monitoring of antivirus programs.
- Do not disclose or enter personal or financial information when requested.
To prevent smishing in advance, you should first be suspicious of smishing if the message was sent from an unclear source (phone number, etc) or if the message contains meaningless characters or numbers between phrases and URLs.In particular, if a site connected by a URL requests personal information, it is safer to immediately close the site.Even if the message is from an acquaintance, it is safer to verify with the person before clicking on a URL that seems unclear or suspicious.To prevent fraudulent activities like smishing, it is essential to take certain precautions. One of the most important steps is to install mobile security software or diagnostic apps and ensure that they are regularly updated. It is also important to periodically check your smartphone’s security status to detect any embedded malicious code within installed apps.
In order to prevent such smishing damage in advance, a service that can protect users from threats such as financial information and personal information theft by verifying malicious cyber threats in advance is needed.Cryptobric by Cloudbric is a mobile service that implements a Secure Web Gateway (SWG) technology to protect users from web-based threats by preventing access to hacking and other threatening information based on a Threat DB developed through user reports and Cloudbric’s expert groupWith just one touch, the service provides free scanning of malware and verification of the risk of cryptocurrency-related apps on the user’s mobile device, as well as blocking access to phishing domains included in texts, emails, and other device content.> Download AOS version – Play Store> Download iOS version – App StoreAs technology advances, so do sophisticated and cunning fraudulent practices. With Cloudbric’s Cryptobric, protect your valuable data and assets against the increasing digital fraud and cybersecurity threats.