The COVID-19 pandemic forced everyone inside their homes, pausing all physical activities for a few months. As a result, all activities shifted to online mode, and cyberspace saw more users than ever. While digital communication and economy made it easier for people to navigate through the lockdowns, it also exposed users to cybersecurity risks.
The pandemic saw an exponential increase in cybercrimes such as phishing, hacking, ransomware, cyberstalking, harassment, etc.
According to Proofpoint’s report, smishing attacks increased by 328% in 2020 alone. These attackers have been exploiting people’s fear associated with COVID-19 to send malicious messages via email, SMS, or web pages.
What is Smishing?
Smishing or SMS phishing means sending fraudulent text messages to coax victims into revealing private information or installing malware. Cybercriminals send these messages to steal credit card details or other sensitive information such as usernames or passwords to private accounts.
Attackers typically disguise themselves as reputable organizations sending these text messages to deceive the victims. Instances of smishing have particularly increased multifold due to internet and smartphones reaching even the world’s remotest corners.
Smishing attackers use social engineering techniques to deceive message recipients into revealing private and financial information. For example, during the holiday season, you could receive a text message from a seemingly well-known retailer asking you to verify your billing information to get your gift package delivered. The information you provide could then be used for identity theft or potential fraud.
SMS phishers could also distribute spyware or malware through these fraudulent text messages. These messages typically create a sense of urgency for the recipient to click on the link attached to the message. This link then leads to unsafe or bogus websites that can install malware on your device.
Some of the common smishing attacks you need to watch out for are:
- Urgent messages about your financial information, including credit card or bank account details
- Notifications about winning prizes or lotteries
- Fraudulent survey links
- Phony messages pretending to be from trusted brands
Was the Spike in Smishing Circumstantial due to COVID-19?
Yes and no.
COVID-19, much like any other newsworthy event, gave cyber criminals an opportunity to hoodwink people across the globe. The widespread infection and death rate caused by coronavirus instilled fear in people, and they quickly fell prey to fraudulent messages about COVID-19.
Text (SMS) messages are a more direct and trusted method to contact people. According to Symantec, 1 in 20 COVID-19 related messages contained phishing attempts.
Attackers use URL shortening services to hide the domain names and URL destinations from the malicious links they add in SMS. Unsuspecting, vulnerable people in the coronavirus-struck world didn’t think twice before clicking on such links. Symantec also notes a spike in phishing attacks using COVID-19 related SMS messages after it was declared a global emergency by WHO in March 2020.
However, cybercrimes like SMS phishing do not appear or increase only during times of emergency crisis like the COVID-19 outbreak. With technological advancements and people becoming increasingly dependent on their smartphones and other devices, cybercrimes have been on the rise. Whether it’s a period of recession, war-like state, holidays, cybercriminals leave no stone unturned in deceiving digital users.
It seems like cybercriminals are always two steps ahead. Even with cybersecurity updates and robust software to detect and report cybersecurity risks, cybercrimes have not subsided.
Now, with vaccines out in the market, criminals have found new vaccine-themed deception tactics. As always, technology is a double-edged sword. With the life-altering benefits come the security risks. One can only stay smart and alert to avoid these risks from causing damages.
How to Protect Yourself from Smishing?
Smishing attackers target unwitting victims who will be easy targets. You can easily avoid being a victim by being aware. Look for poor grammar or spelling mistakes in these messages. Also, malicious links included in SMS messages are often slightly altered to make them look legitimate. For example, amazon.com could be written as ama.zon.com. Having software like anti-spyware or anti-virus on your device is also a good idea.