As a general rule, if someone asks you for your mobile phone number for no apparent reason, do not give it out – especially if it is an unknown person on the Internet! Because the number can be used to find out more than you can imagine – and more than you would like.
The information collected can be used to launch targeted smishing attacks. Smishing is a special form of phishing, but not via e-mail, but via SMS. Victims receive a text message in which they are usually asked to click on a link and provide personal information. Or, by clicking on a link, the victims unknowingly download a malicious program onto their smartphone.
The tricky part is that the attackers collect personal information about their victims before sending the SMS. This enables them not only to send a simple smishing SMS, but also to launch a spear-smishing attack. That is, a targeted attack where criminals have collected personal information about the victim in advance. This way, they manage to make an SMS look deceptively real, so that trust is created and the link is clicked.
Why are spear-smishing messages particularly dangerous?
A smishing SMS is particularly dangerous. Victims often fall for this scam. The reason is that text messages are read quickly on the smartphone and are usually perceived as genuine. People rarely question the sender and content of the SMS – after all, the small messages are not known to carry malware or spam.
In short, a well-made smishing message is often successful. For example, if the sender pretends to be a logistics service provider and you can click on the link in the SMS to call up the supposed shipment status of a delivery. Anyone who orders regularly is familiar with such services and will unsuspectingly click the link.
What information about me can be obtained from the mobile phone number?
When a cybercriminal wants to launch a spear-smishing attack, he first collects information about his victims to make the text message look authentic and thus deceptively real.
If the cybercriminal gets it right, he may manage to obtain the following information via the number:
- Current and past residences
- Names of relatives
- social media profiles
- Email address
- Vehicle license plate number
- Travel plans
- and much more…
This is exactly the kind of information that can be used to launch extremely convincing spear-smishing attacks.
Smishing attack: what you can do
As always in cybersecurity, the same applies to a spear-smishing attack: forewarned is forearmed. If you recognize an attack directly, you have nothing to fear.
So always check the sender of a text message and consider whether you can say with certainty that it is a genuine text message from a trusted sender. Knowing about the info a cyber criminal can find out about you with your number will help you assess incoming SMS even better.
Ready for a little security test away from your smartphone – but in your mailbox? Then register for our free phishing demo!
In the coming weeks, you will receive a total of four phishing e-mails and, at the end of the demo, an evaluation of whether and on which e-mails you clicked on links.