Dispatch from the Front May 01, 2022

Top
Newsletter 05/01/2022	Back to Contents A Printable PDF of this post is available here.

Another new stupid problem means another stupid word to learn

Yes, the miscreants have another method to annoy us and drive us crazy. It is like phishing, you know, like those emails we just delete as soon as a we see them. Yet, with the fact that everyone has a cell phone, and since those numbers are not really private, spammers have taken to using text messaging to spread their anxiety inducing CRAP!

Of course, someone in the digerati — whose sole job it is to mangle the English language — came up with a witty, I suppose, but indeed pithy, term for this new social malaise. The term is SMISHING. NO I am not drunk.

The technical term for text messaging is "short message service or SMS." To send a smish [ed. I just made that term up.], an attacker doesn't even need to know the actual phone number of the intended recipient. An attacker could automatically dial any 7, 10, or 11 random numbers. Studies show that "users read 98% of text messages and respond to 45%." This makes text very logical for hackers to use as an attack vector. The same study showed only 6% of emails receive responses. So smishing is probably good business.

Security professionals have denoted what clues exist that show that a text is a smish. They are, of course, quite obvious.

Smishing texts share some common characteristics with phishing emails. For example, a smishing message will normally:
✓ Convey a sense of urgency
✓ Contain a link
✓ Contain a request for personal information.

Another clue that a text message might be malicious is the sender’s phone number. Large organizations, like banks and retailers, will generally send text messages from short-code numbers. Smishing texts often come from “regular” 11-digit mobile numbers. Smishing messages might also be poorly-written or contain typos. However, don’t rely on these sorts of mistakes—typos in smishing messages are increasingly uncommon as fraudsters become more sophisticated.

So, on top of this load of bull, we have "vishing," which is not Swedish for wishing. We take the V from the word, VOICE. We add the ever present "ish." And we get voice phishing or "vishing." It has been noted that a vishing scam often begins with "with an automated message, telling the recipient that they are the victim of identity fraud. The message requests that the recipient call a specific number. When doing so, they are asked to disclose personal information. Hackers then may use the information themselves to gain access to other accounts or sell the information on the Dark Web."

Now, I know you all already know all this. But you may not have known that the digerati named these nuisances, annoyances, and pretty darn limp attacks. So now you can sound hip and cool just like the kiddies when discussing how much you have come to hate that smartphone and all its stupid accruements.

And I got a reason to use my really cool Wizard of Oz parody graphic.

There's always a method to the madness.

Gerald Reiff

Back to Top

previous post →

next post →