Bitcoin Forum
October 21, 2019, 05:09:15 PM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Smishing and how not to fall for it  (Read 212 times)
Baofeng
Hero Member
*****
Offline Offline

Activity: 924
Merit: 615


View Profile
July 09, 2019, 03:23:59 AM
Merited by suchmoon (4), vapourminer (1), Pmalek (1), DdmrDdmr (1), rhomelmabini (1)
 #1

What is Smishing?

Quote
A form of phishing, smishing is when someone tries to trick you into giving them your private information via a text or SMS message. Smishing is becoming an emerging and growing threat in the world of online security.

https://us.norton.com/internetsecurity-emerging-threats-what-is-smishing.html

And why should everyone be concern about it? Well, we all know that majority of us has cellphones and one time or another have received certain text that came from a company and really looks legit. They can camouflage it by giving you 20% discount of coupon code or something like that.

Yesterday, my wife received such text, however, since I'm not with her that time, she immediately click the link without me knowing. And she was very happy getting about discounts on some store. But I'm a little bit hesitant about it and my suspicions grow. I told here to call the company and see if it is legit or not. And lo and behold, it was a smishing attempt. So I immediately erase and and do a hard reset on her cellphone, for security purposes. Good thing I don't have any crypto wallet installed on her phone, otherwise I may have lost all my funds.

So I dig deeper on how we can prevent such attack, and then I came across U.S. Short Code Directory. How can this help us? You can look at the directory and check whether the text you received is from a legit source. I know it's US base only, but this small and subtle detail can make a big difference. Of course, a combination of skepticism and common sense is still the best weapon for this kind of attacks. But if you are a US based, I urge you to look at the code first before doing anything that you will regret later.

..bustadice..         ▄▄████████████▄▄
     ▄▄████████▀▀▀▀████████▄▄
   ▄███████████    ███████████▄
  █████    ████▄▄▄▄████    █████
 ██████    ████████▀▀██    ██████
██████████████████   █████████████
█████████████████▌  ▐█████████████
███    ██████████   ███████    ███
███    ████████▀   ▐███████    ███
██████████████      ██████████████
██████████████      ██████████████
 ██████████████▄▄▄▄██████████████
  ▀████████████████████████████▀
                     ▄▄███████▄▄
                  ▄███████████████▄
   ███████████  ▄████▀▀       ▀▀████▄
               ████▀      ██     ▀████
 ███████████  ████        ██       ████
             ████         ██        ████
███████████  ████     ▄▄▄▄██        ████
             ████     ▀▀▀▀▀▀        ████
 ███████████  ████                 ████
               ████▄             ▄████
   ███████████  ▀████▄▄       ▄▄████▀
                  ▀███████████████▀
                     ▀▀███████▀▀
           ▄██▄
           ████
            ██
            ▀▀
 ▄██████████████████████▄
██████▀▀██████████▀▀██████
█████    ████████    █████
█████▄  ▄████████▄  ▄█████
██████████████████████████
██████████████████████████
    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
       ████████████
......Play......
1571677755
Hero Member
*
Offline Offline

Posts: 1571677755

View Profile Personal Message (Offline)

Ignore
1571677755
Reply with quote  #2

1571677755
Report to moderator
1571677755
Hero Member
*
Offline Offline

Posts: 1571677755

View Profile Personal Message (Offline)

Ignore
1571677755
Reply with quote  #2

1571677755
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
GreatArkansas
Hero Member
*****
Offline Offline

Activity: 644
Merit: 631


WOLF.BET - Provably Fair Dice Game


View Profile WWW
July 09, 2019, 04:03:13 AM
 #2

So I immediately erase and and do a hard reset on her cellphone, for security purposes. Good thing I don't have any crypto wallet installed on her phone, otherwise I may have lost all my funds.
Does she download something when she visited the website provided by the SMS message?

And if the user doesn't download any file after the visit of the website, does it still prone to any serious attack or any hacker can get inside into your device? I'm just curious about it, especially when it comes to mobile phones.

.WOLF.BET.
▀  ▀▀▀▀▀▀
  ▀ ▀▀▀
 ▄ ▄▄▄   
  ▄ ▄▄▄
▄  ▄▄▄▄▄▄
        ▄▄▄▀▀▀▀▄▄▄
    ▄███▌        ▀▀▄
  ▄▀   ▐█████████▄  ▀▄
 ▄▀  ▄█████████████▄  █
 ▌  █████████████████  █
▐  ████████████████ ▄█
█  █████████████████████▌
▐  ██████████████████ ▀█▌
 ▌ ▐█████████████████▌ ▐▀
 █  ██████████████▀ ▄▀
  █   ███████████▀  ▄▀
   ▀▄▄██ ▀▀▀▀▀▀▀  ▄▄▀
     ▀██▄▄▄▄▄▄▄▄▀▀▀
▄███████████▄
███████    ████████████▄
███████    ███████   ▀██
██████████████████    ██
██    ██████████████████
██    ███████    ███████
█████████████    ███████
███████    █████████████
███████    ███████    ██
██████████████████   ▄██
██        ▀███████████▀
██
██
      ▄█▄         ▄█▄
 ▄██ ███ ███████ ███ ██▄
▐███▄ ▀ ▄███████▄ ▀ ▄███▌
▐█▌▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▐█▌
▐█▌   ▄▄▄▄▄▄▄▄        ▐█▌
▐█▌   ████████        ▐█▌
▐█▌       ███     ▄▄▀▀▀██▄
▐█▌      ███    ██▀      ▀█
▐█▌     ███    ███         █
▐█▌    ███     ███          █
 ██▄           ███▄         █
  ▀█████████████████▄     ▄█
                  ▀▀█████▀▀

████
██
██
██
██
██
██
██
██
██
██
████


.AFFILIATE PROGRAM.
   ...FREE FAUCET........
..CHAT RAIN.............
Coyster
Full Member
***
Online Online

Activity: 350
Merit: 128


Match365>be a part of 150btc inviting bonus


View Profile
July 09, 2019, 06:48:45 AM
 #3

And she was very happy getting about discounts on some store
More often than not, it's "greed" that lures enthusiasts(individuals)to fall victim to scam.Thats why scammers usually embellish such messages with one discount or the other, and this makes it more attractive though too good to be true.
And if the user doesn't download any file after the visit of the website, does it still prone to any serious attack or any hacker can get inside into your device?
It's still inimical for one who clicks on such links, if you click on a suspicious or an evil link, the hacker(depends though)already has an access to your device and can steal your assets and funds.

DdmrDdmr
Hero Member
*****
Offline Offline

Activity: 644
Merit: 2775

There are lies, damned lies and statistics. MTwain


View Profile WWW
July 09, 2019, 08:08:34 AM
Merited by suchmoon (4)
 #4

Smishing can also be performed through other communication channels other than sms, such as Whatapp. A typical case would be that of a text message sent from an alleged bank, indicating that a suspicious TX has been performed with your credit card. Customer is then prompted to call a support (fake) phone number where the scammers, pretending to be the bank, ask for certain personal information in order to, supposedly, cancel the suspicious TX. This is a real case going on with BBVA.

Note: Apart from phishing and smishing, there is also vishing (voice phishing).

o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 714
Merit: 2903


Decent


View Profile
July 09, 2019, 08:13:37 AM
Merited by suchmoon (4)
 #5

So I immediately erase and and do a hard reset on her cellphone, for security purposes.
Make sure she didn't also try to log in to anything after clicking the link in the SMS. Often sites like these will prompt users to log in with their Google/Facebook/Microsoft/Samsung/similar account to "access" these special offers. Obviously you'll need to change passwords and look out for any suspicious activity if she did type her details in.

LTU_btc
Hero Member
*****
Offline Offline

Activity: 1386
Merit: 744



View Profile WWW
July 09, 2019, 09:42:47 AM
Merited by suchmoon (4)
 #6

I would say that smishing is more dangerous than other types of phishing, for example email. In email it's quite easy to spot that that email is fake, you just need to check email address of sender. In SMS it's more difficult to spot fake message. It's usually sent from unknown number and link is hidden under shortlink. So, I'm trying not to click any links so SMS, even if it looks that sender is legit. What you can do after getting suspicious message - try to Google phone number of sender, maybe it's already been reported before. Or you may find information that this number is legit.
I think that smshing is quite rare because it's not cheap thing for fraudsters - if they want to send large number of messages it can cost quite expensive.




▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄                  ▄▄▄   ▄▄▄▄▄        ▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄
 ▀████████████████▄  ████                 █████   ▀████▄    ▄████▀  ▄██████████████   ████████████▀  ▄█████████████▀  ▄█████████████▄
              ▀████  ████               ▄███▀███▄   ▀████▄▄████▀               ████   ████                ████                   ▀████
   ▄▄▄▄▄▄▄▄▄▄▄█████  ████              ████   ████    ▀██████▀      ██████████████▄   ████████████▀       ████       ▄▄▄▄▄▄▄▄▄▄▄▄████▀
   ██████████████▀   ████            ▄███▀     ▀███▄    ████        ████        ████  ████                ████       ██████████████▀
   ████              ████████████▀  ████   ██████████   ████        ████████████████  █████████████▀      ████       ████      ▀████▄
   ▀▀▀▀              ▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀  ▀▀▀▀        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀        ▀▀▀▀       ▀▀▀▀        ▀▀▀▀▀

#1 CRYPTO CASINO & SPORTSBOOK
 WELCOME
BONUS
.INSTANT & FAST.
.TRANSACTION.....
.PROVABLY FAIR.
......& SECURE......
.24/7 CUSTOMER.
............SUPPORT.
BTC      |      ETH      |      LTC      |      XRP      |      XMR      |      BNB      |     more
Lucius
Legendary
*
Offline Offline

Activity: 1568
Merit: 1356


Fortis Fortuna Adiuvat


View Profile WWW
July 09, 2019, 12:46:00 PM
 #7

I think that smshing is quite rare because it's not cheap thing for fraudsters - if they want to send large number of messages it can cost quite expensive.

I get some messages of that type, but mostly on WhatsApp or Viber and ignore them always. This is very cheap way to send big number of messages for free, and some people just click on anything without any checks. I am not sure is there some app for blocking SMS that come from unknown numbers, same as blocking calls by different categories (black list, unknown numbers, international numbers).

I use G-mail and most of spam go directly to Spam folder, it would be nice to have something similar for SMS. Some sort of SMS spam filter on mobile service provider would be good solution, but Viber and other similar apps should make something similar on their platforms.

hilariousetc
Legendary
*
Offline Offline

Activity: 1372
Merit: 2247


https://bitcoin.watfordfc.com


View Profile
July 09, 2019, 01:24:03 PM
 #8

Don't forget about catphishing as well. That's when some dude pretends to be a female to try get their victim to let their guard down and send them bitcoins (because obviously a woman would never scam anyone - they're far too nice for that). Seen it happen a fair few times here and there's probably much more that we don't see as people will be too embarrassed to come clean and then also all the attempted times - users like Alia etc: https://bitcointalk.org/index.php?topic=3032057.0

Pmalek
Legendary
*
Offline Offline

Activity: 1092
Merit: 1158



View Profile
July 09, 2019, 01:37:14 PM
 #9

Does she download something when she visited the website provided by the SMS message?

And if the user doesn't download any file after the visit of the website, does it still prone to any serious attack or any hacker can get inside into your device? I'm just curious about it, especially when it comes to mobile phones.
Don't confuse phishing with malware and viruses. They usually don't include any type of malware as the people behind the attacks are looking for login details for you bank/paypal or credit card numbers and those who get phished unknowingly give the hackers that information.

I assume that the SMS OP's wife received contained a link where she was either asked to login to her online banking/paypal or they were asking for personal information - her identity, which could then be misused or sold.

████████████████████████████
████████▀▀ █▀ █▀ ▀██████████
█████████▄ ▄▄▄▄▄▄███████████
██████████▀     ▀  ▀████████
███████▀ ▀  ▄█▀▀▀█▀▀████████
██████▄      █▄  ▀▀  ▀██████
██████         ▄▄█▄ ▄ ▀█████
█████ ▄         ▀▀ ▄ ▀ █████
██████▌          █▀█▀ ▐█████
███████  ▄▌         ▄ ██████
████████▄█         ▄████████
█████████▀     ▄▄ ▄█████████
████████████████████████████
.JACKMATE'S...........
.
MAJESTIC..
████████████████████████
███████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
.
..WIN 1 BITCOIN ON EVERY PREMIER LEAGUE MATCHDAY..
████████████████████████████████
████████████▀█▀ ▀█▀█▀███████████
███████████▄ ▄▄▄▄▄▄▄████████████
███████████▀▀▄▄▄▄▄▄▄▄███████████
█████████▀▄ ██▀▄▄▄ ▀ ▄▀█████████
███████▀ ▀█████▄▄▄█▄▄▄██████████
███████▀▄████████▀  ▀█ █▐███████
███████ ▀█████████▄█▀▀██ ███████
████████ ███▀██████ ▄ ██ ███████
████████▌▐▀▄ ██████████ ▄███████
█████████▄██▌▐█████▀██ █████████
████████████▄▀▀▀▀▀▄ ▀▄██████████
████████████████████████████████
.
.JOIN US - IT'S FREE! .
pedpedped101
Jr. Member
*
Offline Offline

Activity: 364
Merit: 1


View Profile WWW
July 10, 2019, 12:58:08 PM
 #10

My first time of seeing the word smishing and also getting a meaning to it.
This is one of the predominant ways of being scammed these days. Although i am nit from the US, but i also receive some texts on my cellphone that looked suspicious, but because of my knowledge of internet fraud, i never bothered on click on them, because i do not look for cheap things around.
This us a helpful post though.

lucky.io  [ KEEP PLAYING! KEEP WINNING! ]
Harlot
Hero Member
*****
Online Online

Activity: 1218
Merit: 603



View Profile
July 10, 2019, 02:07:11 PM
 #11

Best way to know if the text is a scam or not is when you received that you've won something or have been picked for a promo when you didn't join/participate in any kind of contest at all. This only means that someone just sent you a random text from their spam directory. Best thing to do is to block their numbers and delete their messages for you to avoid on accidentally viewing them. Just remembered that if you haven't participated on something and you receive these kinds of messages best is to avoid it.

bernardos
Member
**
Offline Offline

Activity: 378
Merit: 34


View Profile
July 10, 2019, 02:40:43 PM
 #12

Best way to know if the text is a scam or not is when you received that you've won something or have been picked for a promo when you didn't join/participate in any kind of contest at all. This only means that someone just sent you a random text from their spam directory. Best thing to do is to block their numbers and delete their messages for you to avoid on accidentally viewing them. Just remembered that if you haven't participated on something and you receive these kinds of messages best is to avoid it.
But imagine if the SMS comes from someone pretending to be a representative of a brand you often buy. Imagine you just bought yourself a new pair of sneakers and you are getting a 50% discount as a promotion for your loyalty. People could easily fall for that.
Herbet Fry
Sr. Member
****
Offline Offline

Activity: 812
Merit: 251


●Social Crypto Trading●


View Profile WWW
July 15, 2019, 03:45:43 PM
 #13

You have to actually install something and download it to be infected. even if you infected how it steal your privatekey?

Best way to know if the text is a scam or not is when you received that you've won something or have been picked for a promo when you didn't join/participate in any kind of contest at all. This only means that someone just sent you a random text from their spam directory. Best thing to do is to block their numbers and delete their messages for you to avoid on accidentally viewing them. Just remembered that if you haven't participated on something and you receive these kinds of messages best is to avoid it.

Yes exactly. Like if you shopped at a place a few weeks ago and they send you a discount then that makes sense. If you get one from a place you have never heard of you can just look at the link to see exactly how to redeem the voucher. People should be checking the terms of use. You will be able to determine if it is legit or not with ease by this stage.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!