SPAM text messages vs SMiShing and defending against it

October 22, 2020  |  Lisa Ashjian

The rise of SPAM text messages

Businesses want to connect to their customers and meet them where they are. One growing way to communicate to them is through text messages including providing coupons, recent news, and other marketing materials. When these marketing efforts are unwanted by the customer, this is when they cross the line into the SPAM category.

SPAM has taken many forms throughout history such as junk mail in your mailbox and robocalls. Then, with the birth of the internet, digital SPAM emerged in the form of email and has now expanded to the web, social media, text messages, and more. These digital spam efforts are very easy and low-cost methods to reach large amounts of people.

Legitimate businesses honor and respect this line between wanted and unwanted communications through opt-in/opt-out and subscribe/unsubscribe capabilities to allow users to manage how and when they want communications. But beyond managing the sheer number of text communications, what happens when a malicious actor decides to use these texting techniques to target you with a phishing expedition?

What is SMiShing?

SMiShing is phishing that uses texting to lead you to fake websites and phone numbers that imitate real companies. This is a type of social engineering that fraudsters use to get personal information from you with malicious intent.

Today, phishing is the number one security threat and the worst part is- when it comes to phishing attempts on a mobile device, it works! For example, according to Lookout, 56% of mobile users have received and tapped on a URL that bypassed existing layers of phishing defense. And on average, a user will click on approximately six phishing links from their mobile device each year.

You may be asking yourself, how could someone be fooled by these? Part of the reason is the form factor of a mobile device which makes it harder for the user to spot these social engineering techniques. Another reason is we’re often in a hurry or distracted while using the mobile device. And finally, many people believe they are safer on their mobile device than traditional laptops and desktops which in today’s world may not be the case.

Mobile device manufacturers, wireless carriers, and regulators have all been working closely together to curb the issues around SPAM and SMiShing. For example, AT&T monitors the network 24/7 and supports legislation to end text spam. Also, AT&T will never ask someone to send personal or account information via email or text message. But with many types of security efforts, combating social engineering attempts like SMiShing is a shared responsibility, and both the individual and business owners need to take measures to  help protect themselves and their data.  

Unified Endpoint Management Solution

Helps organizations harness the power of highly secure mobility and improved device compliance.

Learn more

Defend yourself against SPAM and SMiShing

AT&T is vigilant about protecting customers from unsolicited text message spam but there is no simple fix to block these. As individuals, we can all take certain steps to help  protect ourselves such as:

  • If you are an AT&T customer, report them:
  • Other ways to report them:
  • Educate yourself:
    • Use these helpful tips to protect yourself
    • One of the best ways that you can guard against unsolicited messages is to be careful about where you distribute your wireless phone number. Example: If you sign up online to receive message alerts, be sure to understand that company's privacy policy concerning treatment of your wireless phone number, exactly what sort of messages you will receive, and how you can unsubscribe.
  • Use individual based tools:
    • For eligible devices, the AT&T Mobile Security app scans your mobile device and all apps for malware. It looks for Trojans, worms, spyware, and other suspicious software. Mobile Security scans on demand and when app installation occurs. If you select Monitor File Settings, Mobile Security also actively monitors your files. Learn how to get AT&T Mobile Security.

Help your business stay protected

Businesses are just as susceptible to SMiShing and arguably even more than an individual. Malicious actors target businesses to access large data sets of personal information stored by a company which can be far more valuable than any one individual user. Businesses need to be vigilant in protecting against these possible SMiShing attacks so that employees receive less of them and when they do accidentally click on them, which based on data they will, that confidential data isn’t compromised. 

  • Consider an enterprise grade mobile security solution to help  protect your mobile devices against all the key mobile threat vectors including device, application, network, and social engineering such as phishing attacks
  • Look for tools that allow you to centrally manage your mobile security through your IT or Security teams for all mobile devices accessing your company data (including BYOD)
  • Find a solution that has 24/7 enterprise-grade tech support since phishing attempts come in around the clock
  • Lastly, look for tools that will integrate with your other security products such as Unified Endpoint Management (UEM) or Mobile Device Management (MDM) tools that will alllow for automated remediation capabilities.

At AT&T, we recommend that customers use Unified Endpoint Management (UEM) with a Mobile Threat Defense (MTD) solution that will help protect against malicious links regardless of the source:  text message, chat, email, social media, etc.  AT&T offers both Unified Endpoint Management (UEM) and Mobile Threat Defense (MTD) solutions as well as security consulting and managed security services. To learn more, review our endpoint security solutions and contact us for help customizing a solution to meet your needs.

Share this with others

Tags: spam, smishing

Get price Free trial