The amount of text phishing or smishing attacks (opens in new tab) have almost doubled when compared to last year's holiday shopping season as cybercriminals are increasingly preying on Black Friday (opens in new tab) and Cyber Monday (opens in new tab) shoppers.
According to Proofpoint (opens in new tab), over two-thirds of all SMS messages sent worldwide are related in some form to either an order delivery or consumer retail brand. As consumers have become more familiar with interacting with businesses over text messages, cybercriminals have jumped at the opportunity to impersonate popular brands and delivery companies over SMS.
They are now using smishing attacks that claim to be from reputable companies as lures in an attempt to steal payment information and personal details from unsuspecting targets. While many of these lures request credit card information to resolve an issue supposedly related to the purchase or delivery of a nonexistent item, attackers also attempt to steal personal information through an enticing URL or landing page (opens in new tab) in other cases.
In a new blog post (opens in new tab), Proofpoint highlights an “Early Bird Black Friday” package deliver smishing attacks where the landing pages presents an authentic looking package notification. However, clicking on the “Find My package” button and continuing further on the site leads to requests for personal information from the potential victim including their name, postal information and email address.
Switching from email to SMS
Although email (opens in new tab) users are gradually learning that opening attachments from strangers, clicking on questionable links and visiting webpages with multiple redirects are risky behaviors, the same can't be said for mobile users who aren't nearly as cautious.
For instance, text messages have a 98 percent open rate and recipients open 90 percent of their messages within three minutes. At the same time, text messages have an eight times higher click-thru rate when compared to email.
To avoid falling victim to smishing or other SMS-based scams this holiday season, mobile users should be alert and skeptical of any unexpected or unrequested holiday-based awards, prices and offers as well as wary of any package deliver notifications.
Proofpoint recommends that mobile users be on the lookout for suspicious text messages, carefully consider the risks before giving out their mobile phone number to businesses, avoid opening links in messages directly and instead copy them to their browser (opens in new tab) and be careful when downloading and installing new software to their Android smartphone (opens in new tab) or iPhone (opens in new tab).