Security experts warn mobile users over ‘smishing’

Irish security experts have warned mobile phone users about a rising number of “smishing” attacks which allow cybercriminals access to personal information such as credit card details and passwords.

Smishing is a method whereby criminals use text messages to bait consumers into divulging sensitive information.

The scam is similar to phishing, whereby fraudulent emails are sent out to obtain information.

Like phishing, a smishing attack usually involves telling the recipient he or she needs to respond immediately to the message.

A typical scam is one where consumers are tricked into believing their bank accounts have been frozen.

The text appears to come from the person’s bank and tells the recipient to either call a provided number to unblock it or click on an internet link.

They are then asked to “confirm” personal information, such as credit card details, PIN numbers, email addresses and passwords.

“Success rates are higher with a smishing attack compared to ‘phishing’ because consumers are not conditioned to receiving spam on their mobile phone so they are more likely to believe that the communication is legitimate,” according to Jason Ward, country manager of Irish-based IT multinational EMC.

“While a majority of fraud attempts are still targeted at users in the online channel, as banking services go mobile so are the attacks targeting banking customers. Whereas most ‘phishing’ emails are stopped by spam filters, there is no mechanism for weeding out spam text messages.”

He said new figures from the World Bank showed that the number of mobile subscriptions in use globally has grown from less than one billion in 2000 to six billion this year.

Mr Ward said about 3% of all fraudulent transactions originate in mobile devices but, as financial services organisations move products and services to the mobile channel, that figure is expected to rise exponentially.

EMC, which employs more than 2,700 people in Ireland, also warned mobile banking users about the spread of trojans which automatically inject extra fields into the log-in page requesting credit card numbers and ATM PIN codes.

What to do

* Do not reply to a suspect text, particularly one urging you to ring a certain number or click on a certain link.

* Check with your bank directly and tell them what you have received.

* Avoid unknown links.

* Do not store personal information on your phone, such as credit card details and login passwords in emails or notes.

More in this section

Price info
IE_180_logo
Price info

Subscribe to unlock unlimited digital access.
Cancel anytime.

Terms and conditions apply

Puzzles logo
IE-logo

Puzzles hub

Visit our brain gym where you will find simple and cryptic crosswords, sudoku puzzles and much more. Updated at midnight every day. PS ... We would love to hear your feedback on the section right HERE.

Puzzles logo
IE-logo

Puzzles hub

Visit our brain gym where you will find simple and cryptic crosswords, sudoku puzzles and much more. Updated at midnight every day. PS ... We would love to hear your feedback on the section right HERE.