How to avoid becoming a victim of SMiShing (SMS phishing)

IT Best Practices Alert By Linda Musthaler, Network World
March 07, 2013 03:09 PM ET

Page 2 of 2

End user training is available

Now that you know about SMiShing, let's talk about ways to educate yourself and your user community to reduce the likelihood of falling for an attack. For a comprehensive educational program for your business, Wombat Security Technologies offers SmishGuru. Like Wombat's other products that teach people how to avoid phishing and other security problems, SmishGuru uses simulated attacks and gives immediate feedback to people who fall for the SMiSh. A security administrator can send mock messages to end users and monitor how people react to the messages. If a person clicks on the embedded URL or calls the phone number in the message, he is counseled on how to change his behavior to stay safe in the future. See the images below for examples.

Figure 1: An example mock SMiSh message
Figure 2: The training delivered by SmishGuru when a user clicks the embedded URL

SmishGuru can be used to send periodic mock attacks just to keep users on their toes and to reinforce the safety message.

Tips to avoid falling for a SMiShing attack

Here are some general tips to share with your end users to help keep them from falling victim to SMiShing.

  • Avoid clicking links within text messages, especially if they are sent from someone you don't know. But, be aware that attack messages can appear to come from someone you do know, so think before you click.
  • Don't respond to text messages that request private or financial information from you.
  • If you get a message that appears to be from your bank, financial institution, or other entity that you do business with, contact that business directly to determine if they sent you a legitimate request. Review this entity's policy on sending text messages to customers.
  • Beware of messages that appear to come from "5000" or some other number that is not a cell number. Scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number.
  • If a text message is urging you to act or respond quickly, stop and think about it. Remember that criminals use this as a tactic to get you to do what they want.
  • Never reply to a suspicious text message without doing your research and verifying the source. If your bank is really going to cancel your credit card, you should be able to call the number on the back of your card to discuss this matter with them.
  • Never call a phone number from an unknown texter.

Expect SMiShing to become more prominent in the coming year. The statistics are in the criminals' favor, and it's up to cellphone users to be smart about their behavior.

Linda Musthaler is a principal analyst with Essential Solutions Corporation. You can write to her at


About Essential Solutions Corp:

Essential Solutions researches the practical value of information technology, and how it can make individual workers and entire organizations more productive. Essential Solutions offers consulting services to computer industry and corporate clients to help define and fulfill the potential of IT.
