Some may think that SMSs are a thing of the past. Since Apple’s iMessage has taken over, SMSs are known to be a primitive form of communicating. But hang on, that’s not the case for everyone.
Generally, SMSs are more widely used in the service industry because of their ability to reach a wider audience regardless of the devices. From a fancy iPhone to a prepaid ZTE flip phone, anyone can receive SMSs. Perhaps it makes excellent sense.
However, in this particular case, convenience brings with itself, crime. What has proven to be successful for businesses has also proven to be a resourceful channel for cybercriminals used for phishing and scams. This is known as “Smishing”.
Due to character limitations, it makes perfect sense for cyber attackers to send short URLs similar to businesses, making the texts look more legitimate. Here’s an excellent example of what a URL looks like on an email as opposed to a compressed cryptic SMS link:
Email URL: https://Joespizza.example.com/pizza-order.html?lang=en-US
SMS URL: https://xx.test/ABXt
This tactic of compressing the URL in SMSs is not primarily to save space but to appear more valuable to the receiver enticing them to click the link.
The same user might not click the compressed link on an email as it would appear suspicious. It’s hard to explain why we are programmed to receive information differently, but we are.
Naked Security has successfully recognized a pattern in these SMSs that the scammers do not aim to send the text to the right person but the focus is more towards Click-through Rates (CTRs). Some also use “reverse authentication” psychology to achieve the CTR goals. – Said Naked Security.
Once they successfully make you click the link and verify the information (even if you’re not the person who the scammers intended to send the SMS to), you end up on an enticing scam site where you’re asked to make a purchase, finally disclosing your credit card details to the scammers.
Isn’t that the whole point? Don’t look too surprised when you receive a text message with a strange link and remember to keep your credit card in your wallet until it’s for something you really want to purchase.
Remember the following as a rule of thumb:
- There are no free lunches (especially not on the internet).
- Keep your eyes open for clues.
- Look at the link before you click. (there could be noticeable errors in the link).
- Consider a web filter.
- Not every link needs to be clicked. For the most part, if there’s something urgent that anyone needs to contact you for, they will less likely send you a strange link and rather contact you via phone call or email if needed.
