CS Nov-Dec 2020

smishing
service, ignore the message," advises
Norton. "If you see any unauthorised
charges on your credit card or debit card
statement, take it up with your bank.
They'll be on your side."
HOW TO KNOW IF YOU'RE
BEING SMISHED
In general, don't reply to text messages
from people you don't know. That's the
best way to remain safe. "This is especially
true when the SMS comes from a phone
number that doesn't look like a phone
number, such as a '5000' phone number.
This is a sign that the text message is
actually just an email sent to a phone.
You should also exercise basic precautions
when using your phone. Don't click on
links you get on your phone, unless you
know the person they're coming from.
Even if you get a text message with a link
from a friend, consider verifying they
meant to send the link before clicking
on it. A full-service Internet security suite
isn't just for laptops and desktops. It also
makes sense for your mobile phone.
A VPN such as Norton Secure VPN is
also one advisable option for your mobile
devices. This will secure and encrypt any
communication taking place between
your mobile and the Internet on the
other end. "Never install apps from text
messages. Any apps you install on your
device should come straight from the
official app store. These programs have
vigorous testing procedures to go through
before they're allowed in the marketplace.
Err on the side of caution. If you have any
doubt about the safety of a text message,
don't even open it."
Almost all of the text messages that you
get are going to be totally fine. However,
it only takes single rogue message to
compromise your security. With just a
little bit of common sense and caution,
you can make sure that you don't become
a victim of identity theft.
WHAT SMISHERMEN USE AS BAIT
As Kapsersky Labs points out, texting is
the most common use of smartphones -
and so a rich source of pickings for
smishers. Experian found that adult
mobile users aged 18 to 24 send more
than 2,022 texts per month-on average,
that's 67 per day-and receive 1,831.
"A couple of other factors make this a
particularly insidious security threat,"
warns Kaspersky. "Most people know
something of the risks of email fraud.
You've probably learned to be suspicious
of emails that say 'Hi-check out this cool
link' and don't contain an actual personal
message from the supposed sender.
"When people are on their phones, they
are less wary. Many assume that their
smartphones are more secure than
computers. But smartphone security has
limitations and cannot directly protect
against smishing. As noted by WillisWire,
cybercrime aimed at mobile devices is
rocketing, just as mobile device usage is.
However, while Android devices remain
the prime target for malware-simply
because so many of them are out there;
and the platform offers greater flexibility
for customers (and cybercriminals!)-
smishing, like SMS itself, works crossplatform.
This puts iPhone and iPad users
at particular risk, because they often feel
they are immune to attack."
Although Apple's iOS mobile technology
has a good reputation for security, no
mobile operating system can by itself
protect you from phishing-style attacks,
argues Kaspersky. "Another risk factor is
that you use your smartphone on the go,
often when you're distracted or in a hurry.
This means that you're more likely to get
caught with your guard down and thus
respond without thinking, should you
receive a message asking for bank
information or to redeem a coupon."
The good news is that the potential
ramifications of these attacks are easy to
protect against. In fact, you can keep
yourself safe by doing nothing at all.
"The attack can only do damage if you
take the bait."
No financial institution or merchant
will send you a text message asking you
to update your account information or
confirm your ATM card code, reiterates
Kaspersky. "If you get a message that
seems to be from your bank or a
merchant you do business with, and it
asks you to click on something in the
message, it's a fraud. Call your bank or
merchant directly, if you are in any doubt.
Remember that, like email phishing,
smishing is a crime of trickery - it depends
on fooling the victim into cooperating by
clicking a link or providing information.
Indeed, the simplest protection against
these attacks is to do nothing at all."
As technology has developed and
evolved, the ways in which scammers try
to target people has developed with it,
comments the Financial Ombudsman
Service (FOS). "From fake websites to
text messages that appear to be from
a legitimate source, scammers will
try a variety of ways to get personal
information from you, in order to take
money from your accounts, use the details
you share to pretend to be you, or to sell
on. As well as use of technology, we also
see scammers trying to manipulate or
exploit situations to build trust or create
panic, to try to get people to divulge
information over the phone, and
sometimes even face to face.
MULTIPLE TARGETS
The FOS sees a wide variety of
circumstances in the complaints that
are referred to it and not just related to
banking - "we know that fraudsters also
look to target pensions, investments and
insurances, too". The industry regulator,
the FCA, has information on its website
about avoiding investment and pension
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2020 computing security
13