smishing

a.k.a. SMs phISHING

A form of criminal activity using social media technology similar to phishing. The name is derived from "SMs phISHING" (SMS, which stands for Short Message Service, is the technology used for text messages on cell phones). Similar to phishing, smishing uses cell phone text messages to deliver the "bait" to get you to divulge your personal information. The "hook" (the method used to actually "capture" your information) in the text message may be a web site URL, however it is also common to see a phone number that connects to automated voice response system.

For example, the smishing message usually contains something that wants your "immediate attention", such as "We’re confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order on this URL: www.smisherurl.com."; or this one "Name of popular online bank is confirming that you have purchase a $1500 computer from name of popular computer company. Visit www.smisherurl.com if you did not make this online purchase"; and another popular smish campaign is "Name of a financial institution: Your account has been suspended. Call smisher phone number immediately to reactivate".

The "hook" will be a legitimate looking web site that asks you to "confirm" (enter) your personal financial information, such as credit/debit card number, CVV code (on the back of your credit card), your ATM card PIN, SSN, email address, and other personal information. If the "hook" is a phone number, it normally directs to a legitimate sounding automated voice response system, similar to the voice response systems used by many financial institutions, which will ask for the same personal information.

In many cases, the smishing message will show that it came from "5000" instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, and not sent from another cell phone.

This information is then used to create duplicate credit/debit/ATM cards. There are documented cases where information entered on a fraudulent website (used in a phishing, smishing, or vishing attack) was used to create a credit or debit card that was used halfway around the world, literally within 30 minutes.

Historical perspective: On March 9, 2012 Walmart issued a Fraud Alert regarding a large number of scam texts offering a $1000 gift card as their bait.

NetLingo Classification: Online Jargon

Updates