There are a whole lot of cyber threats that users need to be prepared for when they go online, from websites that run unauthorised cryptocurrency miners in your browser, to public wifi hotspots that might allow other people to hack your accounts, to botnets which can steal your device’s processing power. There is even software out there which claims to improve your security but in fact makes your device less safe. We try to share tips on as many security issues as possible so that you can know about them and be prepared should you come across such an attack.
You’ve probably heard of phishing, where criminal organisations send out emails which appear to be from a bank, social network, or other legitimate site that you use, and try to get you to send your login information to them via email. Then your accounts can be accessed and your identity can be stolen. But there’s a variation of phishing that you might not be aware of, called smishing. This stands for SMS phishing an is an increasingly common kind of phishing scam. Many people are used to being on the lookout for dodgy emails, but they might not know that SMS messages can be sent fraudulently too. Today we’ll explain what is smishing and give you some tips on how to check your text messages and stay safe when using your mobile phone.
What Is Smishing?
Essentially, smishing is a variation on the well-known phishing scam. Only instead of receiving a letter, email, or IM from the phisher, you receive an SMS message on your mobile phone. It starts when criminals are able to get your phone number, either because you have it listed publicly on social media, or because they purchased your phone number along with many others from the dark web after it was leaked by another company. Either way, once a group of criminals have your phone number, it’s very easy to send out mass text messages. Some people don’t realise this, but you can send text messages to hundreds of numbers at once, sometimes for free, from certain websites or using particular software. It’s easy to spam text message a large number of people.
Then you’ll receive a text message that may look legitimate at first. It could say something like: “Your Apple ID has been compromised. Please reply to this text with your password to confirm your identity”, or “Your Google account needs to be confirmed. Click this link to confirm your identity”. Sometimes, the texts will offer you prizes or cash to induce you to respond.
The message persuades you to either click on a link, call a number, or send information to the person messaging you. These scams often target financial accounts like your bank account or credit card, or popular key accounts like your Google account or Apple ID. Once the smishers have your password or other login information, they can access your accounts and steal your identity.
How Can You Protect Yourself From Smishing?
Now that you know what smishing is, there are some key steps that you can take to protect yourself from this kind of scam:
- Don’t click on unknown links in text messages. If you don’t recognise the number that sent you the text, don’t click on any URL in it. It’s best to just delete the text if it’s suspicious.
- Don’t reply to the message. Some smishing texts will include a line at the end like “Text STOP to 88253 to stop receiving messages.” You should not reply to the text or to this number, as doing so only confirms that the number the scammers have on file is owned and used by a real person. Replying will only lead to them sending you more spam messages.
- Check suspicious numbers and messages before taking any action. If you’re unsure whether a text message is trustworthy or not, you can always Google either the number of the text of the message. Doing so will likely let you know if the message comes from scammers. If you find that it does, you can block numbers or calls from the suspicious number.
- Learn the signs of a virus on your phone. We usually think of viruses as a problem for computers, not phones, but they can affect mobile devices too. Be on the lookout for decreased performance, unwanted apps appearing, or your device heating up, which can all be indicators that something is not right with your device.
- Use a VPN to protect your location data. One clever twist on smishing used by some scammers is using your phone’s location data, which is fairly easy to access. When you visit a new place, you might get a message saying that the service (like Google, Apple, Facebook, or so on) has noticed you’re in a new area, and you need to send confirmation text to unlock your account. The best way to prevent smishers from accessing the location data on your phone is to use a VPN which will encrypt all of your data so that scammers can’t access it.
Use A VPN To Hide Your Location Data From Smishers
When it comes to choosing a VPN to keep your phone safe from smishing and other scams, there are a number of factors to consider. Here are the ones that we consider to be most important:
- Good security. In order to keep your phone safe, you need a VPN with key security features like strong 256-bit encryption and a no logging policy.
- Fast connections. A VPN which slows down your internet connection is a big pain, so you want a VPN with super fast connections that you won’t even notice are there.
- Support for your phone’s operating system. To use a VPN, you install an app created by the VPN provider. So to protect your phone, you’ll need to find a VPN provider who offers software for your platform of choice.
- Plenty of servers around the world. Another way to make sure your VPN doesn’t slow you down is to connect to a server that’s physically nearby to your location. This is easier to do if the VPN provider has a large network of servers available for your use.
Based on these factors, here are the VPNs that we recommend to help keep you safe from smishing:
For heavy internet users who want the best of all worlds in terms of security, speed, and ease of use, then we recommend ExpressVPN. This service has super fast connections that won’t slow you down, with a high level of security like the use of strong 256-bit encryption and a no logging policy to protect your privacy. The server network is absolutely massive, with a network of more than 1000 servers in 145 different locations in 94 countries available. The software has helpful advanced features like a speed test and a DNS leak and is available for Windows, Mac OS, Android, iOS, and Linux.
When speed is your number one concern, we recommend IPVanish. It has among the fastest connections of any of the VPNs out there, and also offers features like a large network of 850 servers in 60 different countries. The security is very good, with strong 256-bit encryption and a no logging policy, plus there are more security features available in the software like a kill switch, auto reconnect, leak protection for IPv6 and DNS, periodic IP address change, and manually configurable DNS. The IPVanish software is available for devices running Windows, Mac OS, Android, Linux, Windows Phone, or iOS.
CyberGhost is a great choice for users who are looking for a simple, easy to use app with an approachable graphical user interface. When you open the app you can choose which server to connect to based on your current needs, like browsing anonymously, torrenting anonymously, or unblocking websites with region locks like BBC iPlayer. The security included by default includes 256-bit encryption and a no logging policy, and extra security features like a kill switch are automatically activated under certain profiles. This makes the software great for new users – you just select the type of protection you need and everything is configured for you.
CyberGhost offers a large server network of more than 1300 serves in 30 different countries, and the software can be installed on Windows, MacOS, iOS, and Android.
For those users who are after the highest level of security that they can find, then we recommend the military grade encryption from NordVPN. Of course, this service has essential security features like strong 256-bit encryption and a no logging policy. But it also has the option to use special servers which have security services like anti DDoS, dedicated IP, onion over VPN, and P2P servers. Our favourite is the special double encryption servers, in which your data is sent to two different servers and is encrypted twice over for the best possible security. Other handy features include a CyberSec switch which enables anti malware protection on any server, and both an app-specific and a general kill switch to stop you from sending unencrypted data by accident.
The server network covers more than 1000 servers in over 60 different countries, and the software has a map interface that makes it dead easy to select the server you want. The software is available for Windows, Mac OS, Linux, iOS, Chrome OS, Android, iOS and Windows Phone, as well as browser extensions for Firefox and Chrome.
If you need to use a VPN on networks with VPN blocking, like those you’ll find in China and other restricted countries, then we recommend VyprVPN. This service can get around VPN blocks and offer greater security by encrypting your metadata as well as the data itself. This metadata can be used to determine your true location even when you’re using a VPN, so encrypting it gives you maximum peace of mind. The other security features available include 256-bit encryption and a no logging policy.
The server network is slightly smaller than others, offering more than 700 servers in 70 different countries, but that’s still plenty for everyday needs. The software is available for Windows, Mac, Android, and iOS.
Smishing is a variation on the well known scamming technique of phishing, where you receive a message that seems to be from a legitimate company asking you to send information such as your username or password. But actually, these messages are generated not by the real company but by scammers who are trying to steal your login information. With smishing, you receive an SMS message instead of an email, but the essential principle is the same.
One feature of smishing that it’s worth being aware of is that scammers may use location data from your phone to try to make their scam look more legitimate. For example, you might receive a text message asking for account verification when you visit a new area. But this is just a clever trick on the part of the scammers, and you should never reply to such a message.
Using a VPN can help to protect you from this kind of location-based smishing. We’ve recommended a number of VPNs which can help to keep you safe whenever you browse the internet on your phone.
Have you ever received a smishing message? And do you have any techniques that you use to distinguish genuine text messages from scam messages? Let us know about it in the comments below.