Phishing via email is now part of our everyday lives. But fraudulent messages also arrive on cell phones via SMS: smishing. The term smishing is a combination of phishing and SMS and describes an attack method in which misleading SMS messages are used to obtain information and data. The aim is to trick users into revealing sensitive data, such as access data for online banking, or to compromise the smartphone with malware.

Fishing for passwords sounds more harmless than it actually is. Phishing is the beginning of a variety of crimes, ranging from “simple” data theft to illegal account debits to attacks on critical infrastructure. In the past, for example, the BSI also reported on phishing attacks on European and US energy suppliers - including nuclear power plant operators.

Mimikama note: On the website haveibeenpwned.com you can immediately check whether your email address and telephone number have already been intercepted.

Spear phishing: Not all phishing emails end up in your inbox as part of an untargeted wave of spam: so-called spear phishing is aimed at specific companies or organizations. Such phishing emails are therefore often tailored, with a lot of effort and meticulousness, to a very specific recipient. In such cases, the people behind them usually belong to an internationally organized group of cyber criminals. Spear phishing is often just the start of a phased chain of attacks, which often involves financial fraud, but also the skimming of trade secrets or military information.

Phishing – beware of the camouflage!

Disguised as a reputable bank, Internet provider or other service provider, spam emails with a fake sender ask the recipients, for example, to update their personal data. The imminent expiration of a credit card may be used as a pretext for confirming account information. Or the password supposedly needs to be renewed due to an alleged security incident. The criminals speculate that there will always be enough customers of the organization named as the sender among the recipients of a wave of spam. No wonder that the names of large banking groups such as the savings banks or Volks- und Raiffeisenbanken are so often misused for phishing spam.

Phishing: imitating websites to perfection

Both the phishing email itself and the website to which a link in the text refers are usually carefully imitated. Cyber criminals know their stuff. All too often they succeed in convincingly feigning authenticity through professional imitation of the corporate design, including the logo, colors and fonts of the respective organization. This makes it easier for unsuspecting recipients to be tricked into clicking on a link in the email - especially since it is often hidden behind a perfectly designed button. Now the scammers have their victims exactly where they want them: on the fake website of an organization that is widely recognized as trustworthy.

Phishing on social networks

Posts on social networks, like the link in the spam email, can lead to a fake website. It is not so much banks or large service companies that are misused as fictitious senders, but rather well-known brand names. However, the goal of the phishing scammers remains the same - namely to gain trust and access personal data.

Smishing – fraud via SMS

Smishing – phishing via SMS – is another attack variant used by cyber criminals. The primary goal is to obtain access data and misuse it for further fraud. The text messages usually claim to come from parcel services, with shipment tracking or notices about problems with parcel delivery, or from online shopping platforms, with a payment request.

The top priority is caution! First, think carefully about whether you are expecting a package and don't let yourself be put under pressure. For example, pay attention to spelling errors (especially umlauts such as ö, ä, ü) in the SMS and strange character sequences within the links. If in doubt, do not click on these links in the SMS.
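The warning signs named above (parcel pretext, umlaut errors, strange character sequences in links) can also be checked automatically, for example in an SMS filter. The following is an added example, not part of the original article or of the BSI guidance; the word lists, the "random-looking" rule and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"]+", re.IGNORECASE)
# Constructed word lists (assumptions for this example, not from the article).
PARCEL_WORDS = ("paket", "sendung", "zustellung", "parcel", "package", "delivery")
# German words written without their umlaut, plus common mojibake for ä/ö/ü.
UMLAUT_ERROR_RE = re.compile(r"\b(?:fur|zuruck|uber|prufen|bestatigen)\b|Ã[¤¶¼]|\ufffd", re.I)


def looks_random(token):
    """Long token that keeps switching between letters and digits."""
    if len(token) < 8 or not token.isalnum():
        return False
    switches = sum(a.isdigit() != b.isdigit() for a, b in zip(token, token[1:]))
    return switches >= 3


def strange_link(url):
    """True if the host, path or query of the link holds a random-looking token."""
    parts = urlsplit(url)
    text = f"{parts.hostname or ''}/{parts.path}/{parts.query}"
    return any(looks_random(t) for t in re.split(r"[^A-Za-z0-9]+", text))


def smishing_indicators(sms):
    """Return the names of the warning signs found in one SMS text."""
    found = []
    lowered = sms.lower()
    if any(word in lowered for word in PARCEL_WORDS):
        found.append("parcel_lure")
    if UMLAUT_ERROR_RE.search(sms):
        found.append("umlaut_error")
    if any(strange_link(u) for u in URL_RE.findall(sms)):
        found.append("strange_link")
    return found


# Constructed sample messages (not real traffic); .example is a reserved TLD.
SAMPLES = [
    "Ihr Paket konnte nicht zugestellt werden. Bitte bestatigen Sie "
    "Ihre Adresse: http://paket-info.example/x7k2q9zt4",
    "Hi, bin um 18 Uhr da. Bis später!",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(smishing_indicators(sms) or "no indicators", "-", sms)
```

A single indicator, such as the word "Paket" on its own, also appears in legitimate delivery notices; the combination of several is what makes a message suspicious.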

Source: Federal Office for Information Security
