What is Smishing?

How to Avoid SMS Phishing Scams

What on earth is Smishing? Before I answer that, have a look at this image here. Looks legit, right?

Smishing Example Which Happened to Me.PNG

Ironically enough, as I was relaxing on my couch watching Netflix, I got this text message from, obviously, Netflix themselves! How honoured I was that they would personally take the time to text me directly, right?

Ok, so… obviously this is NOT a text message from Netflix. This is what is known as “Smishing”.

What is “Smishing”?

SMS + Phishing = Smishing. Weird word if you ask me, but I didn’t invent it so, whatever. As you probably guessed, when scammers phish over SMS, it’s called Smishing.

Chances are you’ve received texts similar to the one I just posted.

Smishing.jpg

How do I know it’s Smishing?

Let’s say you get a text from Amazon telling you that you need to log in to update some details on your account. Well, first of all, Amazon wouldn’t text you; it would likely just ask you to do so the next time you log in to the Amazon website, but that’s beside the point. How can you tell if it’s legit or not? Here’s how:

It Seems Suspicious

Do any of the following seem too random or good to be true?

  • You just won a free vacation, tap the link below to claim it!

  • Your parcel is awaiting your personal details to be delivered. Please confirm using this link.

  • Please confirm your identity to receive a free gift from Amazon! Simply click the link below and enter your information!

The Sender is Unknown

If you’ve never communicated with the phone number sending you the request for your information, it’s probably Smishing.

The Sender Requests Personal Details

Reputable companies know better than to solicit personal details over an SMS message. And most companies don’t even know your phone number. Do you remember giving Netflix your phone number? I don’t…

The Sender Uses Poor Grammar

This isn’t always the case. Sometimes the scammers write proper English and send you messages which appear perfectly legitimate on the surface, only to lure you into clicking a fake link and giving away your information. Or worse, the link may lead to a website carrying a virus, which infects your computer as soon as you tap the link and the site opens!

The Message Contains a Fake Link

Look at the URL and examine the domain that you are being asked to click on to determine if it’s a legitimate domain or if it’s trying to mimic a legitimate website.

For example, blog.amazon.ca could be a legitimate website, but amazon.blog.ca could be someone trying to impersonate Amazon. Why? Before we explain things, do you know the answer?

Onwards! When you examine URLs, always look at the domain. Let’s look at our two examples to see which one is the authentic Amazon domain and which is the fake:

  • blog.amazon.ca is legitimate because the domain here is Amazon.ca and their subdomain is blog.

  • amazon.blog.ca is fake because their SUB-DOMAIN is Amazon, but their domain is blog.ca.

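As you can see, the word attached directly to the ending (.ca, .com, .net, .org, etc.) is always the actual domain, the one somebody had to register. The ending itself is called the top-level domain, and everything to the left of the actual domain is a subdomain. (Some endings have two parts, such as .co.uk; there the actual domain is the word attached to .co.uk.) Anyone can make an “Amazon” subdomain on a domain they own, but only Amazon can create addresses under its own amazon.ca domain.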

Can You Identify Which Domains Are Fake?

Now that we’ve made you an expert, it’s time to test your skills. Which of the following domains are fake? I’ll include the answers for you below, but don’t cheat—this knowledge will help you when you’re out in the real world being targeted for scams by hackers and phishers.

  1. help.netflix.com

  2. support.facebook.com

  3. twitter.help.com

  4. universityoftoronto.resources.com

  5. helpdesk.instagram.it.com

  6. bit.ly/41642069

Ok, so which are legit and which are probably scammers?

Drum roll please….

More drum roll so that you don’t “accidentally” scroll down and reveal the answers…

Let’s see how you did!

  1. LEGIT

  2. LEGIT

  3. FAKE

  4. FAKE

  5. FAKE

  6. UNKNOWN

So, I threw a little curveball at you. I added in a shortened link, which could point to anything, including a phishing website designed to impersonate a legitimate one. Because a shortened link hides the real destination, you can’t check its domain the way I described, so you should never click it, especially when it comes from an anonymous or unrecognized source.
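The domain check from this section, run over the quiz links above, as an added example that is not part of the original post. The `BRANDS` allowlist (including utoronto.ca as the University of Toronto's domain), the small `TWO_PART_SUFFIXES` sample and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a small constructed sample of two-part endings. Real tooling
# should consult the full Public Suffix List instead of this set.
TWO_PART_SUFFIXES = {"co.uk", "com.au", "on.ca"}

# Assumption: constructed allowlist mapping a brand word to the domain the
# reader expects that brand to use.
BRANDS = {
    "netflix": "netflix.com",
    "facebook": "facebook.com",
    "twitter": "twitter.com",
    "instagram": "instagram.com",
    "amazon": "amazon.ca",
    "universityoftoronto": "utoronto.ca",
}


def host_labels(url):
    """Return the hostname of a link as a list of lowercase labels."""
    if "://" not in url:
        url = "//" + url  # links in texts often omit the scheme
    host = urlsplit(url).hostname or ""
    return [label for label in host.rstrip(".").split(".") if label]


def registrable_domain(labels):
    """Join the labels that make up the registered (actual) domain."""
    size = 3 if ".".join(labels[-2:]) in TWO_PART_SUFFIXES else 2
    return ".".join(labels[-size:])


def classify(url):
    """LEGIT: expected brand domain. FAKE: brand word used only as a subdomain.
    UNKNOWN: nothing in the hostname says where the link really goes."""
    labels = host_labels(url)
    domain = registrable_domain(labels)
    if domain in BRANDS.values():
        return "LEGIT"
    subdomains = labels[: -len(domain.split("."))]
    if any(label in BRANDS for label in subdomains):
        return "FAKE"
    return "UNKNOWN"


# The six quiz links from this post, plus the two Amazon examples.
QUIZ = ["help.netflix.com", "support.facebook.com", "twitter.help.com",
        "universityoftoronto.resources.com", "helpdesk.instagram.it.com",
        "bit.ly/41642069", "blog.amazon.ca", "amazon.blog.ca"]

if __name__ == "__main__":
    for link in QUIZ:
        print(f"{link:40} {classify(link)}")
```

An UNKNOWN result is not a pass: for a shortened link the hostname only identifies the shortening service, so the destination stays unchecked.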


How do I combat Smishing?

Regular Phishing via Email

For emails you can:

  1. Report Smishing

  2. Mark Email as Spam

  3. Block Sender

  4. Delete Email

Smishing

SMS doesn’t give you quite as many options for fighting phishing as does email, but it does indeed allow you to:

  1. Block the Sender

  2. Hide Alerts

  3. Delete Message

Oh, and if you’ve got a real taste for justice and want to help crush these Smishermen (or women!), you should file a report with the RCMP here!

More Resources:

Scammers can forge email addresses, how to spot them!

What is Typo-Squatting and How do Scammers Exploit It?

PAID App to Automatically Block Spam Calls on iPhone

Did You Know? Phone Numbers in Caller ID Can be Faked?

Management

Founded in 2015, ThatTorontoStudio is Canada’s leading photography studio rental service, based in Toronto, Ontario.

https://www.thattorontostudio.ca