September 26, 2020
Remember when we were young and innocent, and the only thing we had to be on our guard about was phishing emails? You know, the emails from scammers trying to get your login credentials, social security number, credit card info, or some other personal information?
Did you ever wonder why it's called phishing or spelled that way?
Way back in the '90s (that's the 1990s, not the 1890s), hackers developed a method of stealing passwords and credit card info from America Online (AOL) users. The hackers used emails as bait to fish for passwords from the ocean of AOL users. They spelled it that way because those AOL hackers were paying tribute to the earliest known form of hacking called phone phreaking. The first hackers often substituted 'ph' for an 'f' in a word, at least when they wrote stuff down. So hacked AOL accounts/passwords were called phish by the hackers and even became a form of hacking currency. You can't make this stuff up.
That was all a long time ago, but phishing is still with us. And it's still using emails as bait, trying to catch passwords and other information from unsuspecting people. People are getting wise to the ways of phishing, so naturally, something had to change.
Meet phishing's new partner, smishing. Or, instead of a partner, more like a family member. Like phishing, smishing tries to trick you into giving away personal information, but smishing uses text messages instead of emails.
By the way, the term smishing comes from combining Short Message Service (SMS) with phishing. SMS is the technical term for the delivery service all text messages use to get to your phone.
Smishing uses scam text messages to try to, you guessed it, trick you into giving out personal information. You might get a text that looks like it's from your bank, or maybe from a package delivery service. These scam texts always include a link. The trick here is that the link goes to the scammer's website. These websites are often nearly exact copies of the real companies' website. Real enough looking to fool you on your phone, where you might enter information the scammer can use to set up a recurring charge on your credit card, or some other equally shady thing. Like with a phishing email, don't click on any links in a smishing text; delete that sucker.
Smishing texts can even allow scammers to "sideload" malicious applications to your phone without your knowledge. Sideloaded applications don't go through the approval process on the Apple App store or the Google Play store. So no one has verified that the sideloaded app isn't loaded with viruses or out to steal your car keys and lock you out of your own house, among other things. Sideloading apps is bad, especially without your knowledge.
Smishing isn't commonplace yet, but as Internet Service Providers (ISPs) improve their spam filters and email users become better-informed about common phishing scams, the scammers are turning to smishing. The hope is that people will be less skeptical about scam texts on their phones.
If your phone can't match the number that texted you with one in your contacts, an unknown number, be wary. If you get a delivery alert and you aren't expecting a delivery, delete the text. If you get a text alert from your bank or credit card company, delete the text and go to the website or call the company directly and find out if the alert was genuine. And never click on any of the links in those texts. Just don't.
You might have some luck blocking spammy text messages and calls on your phone. Look in either Android Play or the iOS App store for spam, robocall and text blocking apps for your phone.
You can always manually block numbers that send you spammy texts, but since the scammers can spoof or fake their number, it might not do much good.
A train joke...
A pessimist sees only the tunnel.
An optimist sees a light at the end of the tunnel.
A realist thinks the light is probably inside the tunnel.
A train's engineer sees three idiots standing in the middle of the track