SMISH, SMASH, BASH!

A relatively new spin on phishing has entered the lexicon, in the form of 'smishing'. But what is that exactly and how dangerous might it be to the unsuspecting?

Phishing scams have become an all too familiar weapon used against businesses and individuals, and are a type of fraud that can come in many different forms. These scams not only employ various online techniques, such as fake emails and pop-up ads, but can also include phone calls. Often, the people behind these scams use fear tactics, in order to get their victims to take the bait. As Norton points out: "Phishing is essentially an online con game, and phishers are nothing more than tech-savvy con artists and identity thieves. They use spam, malicious websites, email messages and instant messages to trick people into divulging sensitive information." Banking information, along with credit card accounts, usernames and passwords, are just some of the information phishers seek to exploit.

And now we have 'smishing' to contend with. For those who are yet to encounter this form of attack, here are some of its hallmarks. "Put simply, smishing is any kind of phishing that involves a text message. Often times, this form of phishing involves a text message in an SMS or a phone number," states Norton.

Smishing is particularly scary, it adds, because quite often people tend to be more inclined to trust a text message than an email. Most people are aware of the security risks involved with clicking on links in emails. This is less true when it comes to text messages.

Smishing uses elements of social engineering to get people to share their personal information. "This tactic leverages your trust, in order to obtain your information. The information a smisher is looking for can be anything from an online password, to your Social Security Number, to your credit card information. Once the smisher has that, they can often start applying for new credit in your name. That's where you're really going to start running into problems."

Another ploy used by smishers is to say that, if you don't click a link and enter your personal information, you're going to be charged per day for use of a service. "If you haven't signed up for the service, ignore the message," advises Norton. "If you see any unauthorised charges on your credit card or debit card statement, take it up with your bank. They'll be on your side."

HOW TO KNOW IF YOU'RE BEING SMISHED
In general, don't reply to text messages from people you don't know. That's the best way to remain safe. "This is especially true when the SMS comes from a phone number that doesn't look like a phone number, such as a '5000' phone number. This is a sign that the text message is actually just an email sent to a phone. You should also exercise basic precautions when using your phone. Don't click on links you get on your phone, unless you know the person they're coming from. Even if you get a text message with a link from a friend, consider verifying they meant to send the link before clicking on it. A full-service Internet security suite isn't just for laptops and desktops. It also makes sense for your mobile phone."

A VPN such as Norton Secure VPN is also one advisable option for your mobile devices. This will secure and encrypt any communication taking place between your mobile and the Internet on the other end. "Never install apps from text messages. Any apps you install on your device should come straight from the official app store. These programs have vigorous testing procedures to go through before they're allowed in the marketplace. Err on the side of caution. If you have any doubt about the safety of a text message, don't even open it."

Almost all of the text messages that you get are going to be totally fine. However, it only takes a single rogue message to compromise your security. With just a little bit of common sense and caution, you can make sure that you don't become a victim of identity theft.

WHAT SMISHERMEN USE AS BAIT
As Kaspersky Labs points out, texting is the most common use of smartphones - and so a rich source of pickings for smishers. Experian found that adult mobile users aged 18 to 24 send more than 2,022 texts per month - on average, that's 67 per day - and receive 1,831. "A couple of other factors make this a particularly insidious security threat," warns Kaspersky. "Most people know something of the risks of email fraud. You've probably learned to be suspicious of emails that say 'Hi - check out this cool link' and don't contain an actual personal message from the supposed sender.

"When people are on their phones, they are less wary. Many assume that their smartphones are more secure than computers. But smartphone security has limitations and cannot directly protect against smishing. As noted by WillisWire, cybercrime aimed at mobile devices is rocketing, just as mobile device usage is. However, while Android devices remain the prime target for malware - simply because so many of them are out there; and the platform offers greater flexibility for customers (and cybercriminals!) - smishing, like SMS itself, works cross-platform. This puts iPhone and iPad users at particular risk, because they often feel they are immune to attack."

Although Apple's iOS mobile technology has a good reputation for security, no mobile operating system can by itself protect you from phishing-style attacks, argues Kaspersky. "Another risk factor is that you use your smartphone on the go, often when you're distracted or in a hurry. This means that you're more likely to get caught with your guard down and thus respond without thinking, should you receive a message asking for bank information or to redeem a coupon."

The good news is that the potential ramifications of these attacks are easy to protect against. In fact, you can keep yourself safe by doing nothing at all. "The attack can only do damage if you take the bait."

No financial institution or merchant will send you a text message asking you to update your account information or confirm your ATM card code, reiterates Kaspersky. "If you get a message that seems to be from your bank or a merchant you do business with, and it asks you to click on something in the message, it's a fraud. Call your bank or merchant directly, if you are in any doubt. Remember that, like email phishing, smishing is a crime of trickery - it depends on fooling the victim into cooperating by clicking a link or providing information. Indeed, the simplest protection against these attacks is to do nothing at all."

As technology has developed and evolved, the ways in which scammers try to target people have developed with it, comments the Financial Ombudsman Service (FOS). "From fake websites to text messages that appear to be from a legitimate source, scammers will try a variety of ways to get personal information from you, in order to take money from your accounts, use the details you share to pretend to be you, or to sell on. As well as use of technology, we also see scammers trying to manipulate or exploit situations to build trust or create panic, to try to get people to divulge information over the phone, and sometimes even face to face."

MULTIPLE TARGETS
The FOS sees a wide variety of circumstances in the complaints that are referred to it and not just related to banking - "we know that fraudsters also look to target pensions, investments and insurances, too". The industry regulator, the FCA, has information on its website about avoiding investment and pension scams, while the Association of British Insurers offers tips on how to avoid insurance-related scams.

"It's particularly important to be vigilant at the moment, as a major event like the Covid-19 (coronavirus) outbreak can lead to new types of scams emerging," cautions the FOS. It cites how Action Fraud, the UK reporting centre for fraud and cyber-crime, has recently reported an increase in Covid-19 related fraud and scams, especially with so many people working remotely and from home - and hence more exposed and vulnerable.

For those whose minds are buckling from the overload of scamming terms in circulation, Webroot has tried to simplify the process. "If you're at all concerned with the latest techniques cybercriminals are using to defraud their victims, your vocabulary may be running over with terms for the newest tactics," it says. "Here's a brief refresher to help keep them straight."

MANY WEAK POINTS
Smishing, as described above, uses text messages to extract the sought-after information.

Vishing is when a fraudulent actor calls a victim pretending to be from a reputable organisation and tries to extract personal information, such as banking or credit card information.

Phishing is any type of social engineering attack aimed at getting a victim to voluntarily turn over valuable information by pretending to be a legitimate source. Both smishing and vishing are variations of this tactic.

Webroot has singled out the following smishing techniques to watch out for:

Sending a link that then triggers the downloading of a malicious app. Clicks can trigger automatic downloads on smartphones, the same way they can on desktop internet browsers. In smishing campaigns, these apps are often designed to track your keystrokes, steal your identity, cede control of your phone to hackers or encrypt the files on your phone and hold them for ransom.

Linking to information-capturing forms. In the same way many email phishing campaigns aim to direct their victims to online forms, where their information can be stolen, this technique uses text messages to do the same. Once a user has clicked on the link and been redirected, any information entered into the form can be read and misused by scammers.

Targeting users with personal information. In a variation of spear phishing, committed smishers may research a user's social media activity, in order to entice their target with highly personalised bait text messages. The end goal is the same as any phishing attack, but it's important to know that these scammers do sometimes come armed with your personal information to give their ruse a real feel.

Referrals to tech support. Again, this is a variation on the classic tech support scam or it could be thought of as the 'vish via smish'. An SMS message will instruct the recipient to contact a customer support line via a number that's provided. Once on the line, the scammer will try to pry information from the caller by pretending to be a legitimate customer service representative.
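The warning signs named in this article (a sender that does not look like a phone number, a link, a request for account details, a per-day charge threat, an app install prompt, a call-back number) can be expressed as a simple triage filter. The following is an added example, not code from Norton, Kaspersky or Webroot; the patterns, function names and sample messages are assumptions constructed for illustration.

```python
import re

# Heuristics derived from the article's advice. Patterns and names are
# illustrative assumptions, not a vendor's detection rules.
CHECKS = {
    "link": re.compile(r"\b(?:https?://|www\.)\S+", re.I),
    "asks_for_credentials": re.compile(
        r"\b(password|pin|card (?:code|number)|account (?:information|details)"
        r"|social security)\b", re.I),
    "charge_threat": re.compile(r"\bcharged\b.*\b(?:per day|daily)\b", re.I),
    "app_install": re.compile(r"\b(?:install|download)\b.*\bapp\b", re.I),
    "callback_number": re.compile(
        r"\b(?:call|contact)\b.*\+?\d[\d\s-]{6,}\d", re.I),
}

def smishing_indicators(sender, body):
    """Return the names of the indicators present in one SMS."""
    hits = []
    # A sender such as '5000' or an alphanumeric ID is not a normal number.
    # Legitimate short codes exist, so this is a signal, not a verdict.
    if not re.fullmatch(r"\+?\d{7,15}", re.sub(r"[\s()-]", "", sender)):
        hits.append("sender_not_phone_number")
    hits += [name for name, rx in CHECKS.items() if rx.search(body)]
    return hits

def triage(sender, body):
    """Map the indicator count to the action the article recommends."""
    n = len(smishing_indicators(sender, body))
    if n >= 2:
        return "do not respond; verify with the organisation directly"
    return "treat with caution" if n == 1 else "no indicators"

# Constructed sample messages (fictional numbers and domains).
SAMPLES = [
    ("5000", "Your account is locked. Confirm your ATM card code at "
             "http://bank.example/verify"),
    ("+44 7700 900123", "You will be charged 5.00 per day for this service "
                        "unless you cancel at www.sub.example/stop"),
    ("SUPPORT", "Virus detected. Call our support line on 020 7946 0000"),
    ("+44 7700 900456", "Running late, see you at 7?"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, smishing_indicators(sender, body), triage(sender, body))
```

Keyword matching of this kind only flags messages for a closer look; a clean result does not make a message safe, and personalised bait of the sort described above can avoid every pattern here.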

The ultimate message is to treat more or less everything as suspect, until it's proved it isn't. That way, your chances of staying 'unsmished, unvished and unphished' will be significantly increased.