By Ronald Samonte

May 13, 2023

a dell laptop computer with a red screen

The Threat of Phishing

These days we spend a lot of our time on the internet. Our work, social life, entertainment and finances have become linked to and dependent on our internet usage. All of this has opened up a lot of innovation in how we use and interact with the web. It has given us real benefits, such as the ability to work from home and the ease of banking, shopping and much more. With these benefits come some downsides. Recently there has been a lot of news about people's bank accounts and online wallets getting hacked and the money being stolen. This is the problem: no matter how strong the security of banking and financial institutions is, the bad elements (hackers) have also become more sophisticated. One of the most common cyber-attacks hackers use to infiltrate and get their hands on our sensitive personal and financial information is Phishing. What is Phishing? It's a form of social engineering where attackers deceive people into revealing sensitive information or installing malware.

Phishing has evolved from email-based attacks to the use of messaging and SMS. Phishing by SMS and through data-based messaging apps like Viber and WhatsApp is prevalent nowadays. The term coined for SMS Phishing is Smishing. The danger of these cyber-attack attempts should never be underestimated. It's easy to fall for Smishing: just 1 click on the included link could put the user in harm's way by targeting his/her personal and financial information. I have provided below some screenshots of SMS samples of actual Smishing attempts. As you can see, most of the text messages look authentic. I got several SMS supposedly coming from banks and prompting me to take action by clicking the link. One of these attacks almost got me; good thing I checked my account first to see if I could still access it. Going back to the text message, I realized the number was not from my known contact list and got the feeling these were from scammers.

What is also surprising and scary is that this scammer knew my personal information, such as my name and mobile number. How they got my personal information I'm not entirely sure. But due to numerous Phishing attempts, I have started changing all of my passwords, from my social media apps to my banking apps. I also began using a password manager for much stronger and more secure passwords. Smishing attacks can vary from a message disguised as coming from your bank to one from a recruiter offering you a job. It's easy to fall prey to these Smishing traps: if you don't pay much attention or get excited, you may end up clicking the link instinctively. There are some ways to protect our digital identity and sensitive information. I have outlined some of the things that we can do to protect and secure our personal information.

Protect yourself from Smishing attacks

✅Avoid clicking links included in the SMS.

Clicking the links could be very dangerous. The link may lead to a fake website where the user's private information can be stolen by the attacker. A second scenario is that the mobile device can be infected with malware.

✅Keep your smartphone or computer software always updated.

This is important as updated software incorporates the latest security patches, thereby minimizing any possible exposure to fraudulent apps and fake websites.

✅Be cautious about responding to unsolicited messages from an unknown contact or sender.

If the sender of the message is not on your contact list and the message looks suspicious, immediately block the sender and delete the message.

✅Be cautious about answering unsolicited phone calls - It could be Vishing.

Vishing is a type of Phishing, but the cyber-attack is done via a phone call. The attacker, by means of deception or intimidation, tries to scam the target into giving up personal and financial information. It is important not to give out any information that may compromise your security, such as your account number, password, OTP and credit card CVV.

✅Be careful when using Public Wi-Fi Networks

Most of us tend to connect to free Wi-Fi networks but don't realize the risk. Unlike our home Wi-Fi networks, which we know are secured and safe to use, public Wi-Fi tends to have less security, which may allow hackers to connect to the same network. This form of cyber-attack is known as a Man-In-Between attack, and the hackers would be able to intercept and see what you're doing. If you're in the middle of a bank transaction, then the attacker would see your account information details. If you need to connect to a public Wi-Fi network, it's not advisable to do any financial transaction. Or better yet, try to use a VPN. A VPN encrypts the internet connection and hides your device's IP address, making it difficult for hackers to intercept your data.

✅Add an extra layer of security using proven Internet Security Software.

Apps like Kaspersky, Bitdefender, and Norton are the top internet security apps in the market. They should provide a high degree of protection against cyber-attacks, including Phishing.

a cell phone showing a message about the dangers of Smishing getting detected

Bitdefender offers a broad suite of security plans. They offer a mobile protection plan for both Android and iOS. The app can detect malicious links on Android phones. The iOS version does not have this feature but has web protection, which blocks phishing sites.

Image courtesy of Bitdefender

If you become a victim of Phishing, Smishing or Vishing, promptly report it to the authorities. Call your banks if your financial information has been compromised. Secure your accounts by immediately changing your passwords and PIN codes. It's highly recommended to use a password manager if you're not using one yet.

Samples of real Smishing messages.