Since the start of the health crisis, scams of all kinds have been proliferating. The most widespread is the creation of fraudulent websites that pretend to sell you gels, masks and diagnostic tests, even chloroquine, at unbeatable prices and within ultra-short time frames. To publicise their site and deceive their victims, scammers use an extremely widespread technique: smishing or phishing by text message.
How does this technique work? Smishing, or phishing by text message, is a contraction of SMS and phishing. Like phishing, an urgent message is sent to the user to compel them to take action – visit a website or call a premium-rate telephone number – and thereby obtain money from them. The only difference is that, in this case, the future victim does not receive an e-mail, but a text directly on their telephone. The process is all the more dangerous as people tend to exercise less caution with a text message than with an e-mail. Everyone – or almost – knows the risks to their security when they click on links contained in e-mails. This is much less the case when it is a text message.
Another reason behind the development of this new form of attack is the democratisation of subscriptions and fixed-price offers with unlimited text messages for the general public. In order to connect with their customers, an increasing number of brands offer targeted ads and promotional discounts, and direct their customers to their website to take advantage of these deals! Nothing could then be easier for experienced scammers than to use the same techniques by pretending to be a trustworthy source and thereby fooling consumers who did not expect to receive a dangerous message.
In addition, mistrust tends to drop by a notch in particularly stressful periods such as we are experiencing at the moment. Countless text messages have been sent related to the current pandemic, allegedly from administrative institutions or companies such as banks or payment card issuers. To use the example of the chemists mentioned above, mass text messages are sent out to tempt users onto a site, which looks completely credible; users are persuaded to order large numbers of items to help combat the coronavirus, which they do not have to wait for, but which of course will never arrive. Worse: the duped users will never receive anything, and their personal data (identity, address, telephone and bank details) will be used to steal their money.
Recognising a smishing attempt is relatively easy, even if hackers continue to develop increasingly sophisticated tricks. Here are four things that you should do to avoid falling into their trap.
Check the sender. Do not click on links, attachments or images that you receive in unsolicited texts without having first checked the sender. Also use your common sense. Administrations and banks, for example, do not usually send text messages, and certainly not to ask you for sensitive information.
Don’t be in a hurry. Any message that plays on fear and prompts you to act urgently should get you thinking. Even if this commercial technique is extremely well-known, it is still effective, particularly in troubled times like today, when it is very tempting to give in to panic. By not reacting impulsively and stepping back, you will quickly realise that this is an attempt to defraud you.
Call on your critical faculties. If it’s too good to be true, beware! To this day, there is no vaccine, food, air purifiers, lamps, food supplements or essential oils that can protect or heal you from the coronavirus. Testing kits don’t exist either. Coronavirus can only be diagnosed in Luxembourg by medical professionals and at approved testing centres and laboratories. Also be vigilant when text messages offer worthwhile investments in companies allegedly generating profits during the coronavirus pandemic.
Contact your bank immediately if you think you have replied to a phishing text message and given your bank details.
10/2020
Here are some simple rules to stop you from heading down the wrong track on social networks.
Finding a password which is easy to remember and effective against hacking is not always easy. So here are a few tips for creating a password which is easy to remember and very secure.
We have explained to you what phishing is – now we need to help you make sure you never fall into the trap!