SMishing - New Technique on Phishing

What is SMishing?

SMishing is a text message sent by a cyber criminal to obtain personal information, bank or credit card details, or login credentials.

Below are examples of fraudulent or scam text messages.

Scotiabank SMishing

Rogers SMishing



Procedures


Step I: Do not click on the link if you are not expecting such text messages. 

For example: if you don't have an account with Scotiabank or Rogers, these messages should be ignored.

Step II: If you clicked the link, verify a few important details on the web page before entering personal or banking information.
  • Dangerous - means someone has already flagged this website as phishing or as used for bad purposes. Additionally, verify that the web page has a "Lock" or "Secure" sign beside the website name.
  • Confirm that the website name matches the legitimate company website, such as *.scotiabank.com.
  • Identify the page as suspicious since only "Login Information" is displayed. 
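The domain check from Step II can be automated. The sketch below is an added example, not part of the original post; the function name `check_link`, the `LEGITIMATE_DOMAINS` list and the sample links in the comments are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains the recipient actually has accounts with.
LEGITIMATE_DOMAINS = {"scotiabank.com", "rogers.com"}

def check_link(url, legitimate=LEGITIMATE_DOMAINS):
    """Return (verdict, reason) for a link received by SMS."""
    url = url.strip()
    if "://" not in url:
        url = "//" + url  # SMS links often omit the scheme
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ("suspicious", "malformed link")
    if not host:
        return ("suspicious", "no host name in link")
    # Punycode labels can render as look-alike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("suspicious", "internationalised (punycode) host name")
    # The host must BE the legitimate domain or END with ".<domain>".
    # A brand name earlier in the host, or before an "@", proves nothing:
    #   scotiabank.com.account-verify.example -> registered under "example"
    #   scotiabank.com@203.0.113.5            -> the host is 203.0.113.5
    if not any(host == d or host.endswith("." + d) for d in legitimate):
        brands = sorted(d.split(".")[0] for d in legitimate)
        used = [b for b in brands if b in host]
        if used:
            return ("suspicious", f"'{used[0]}' appears in unrelated host {host}")
        return ("suspicious", f"{host} is not an expected domain")
    # The "Lock" sign only means HTTPS; it is checked after the domain
    # because phishing pages can also be served over HTTPS.
    if parts.scheme and parts.scheme != "https":
        return ("suspicious", "expected domain but not served over HTTPS")
    return ("expected", host)

if __name__ == "__main__":
    # Constructed sample links, not taken from real messages.
    for link in ("https://www.scotiabank.com/login",
                 "https://scotiabank.com.account-verify.example/login",
                 "https://scotiabank.com@203.0.113.5/",
                 "http://www.rogers.com/bill"):
        print(link, "->", check_link(link))
```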


Phishing Site

Step III: If you determine that the SMS received is a fraud or scam, please "Report Scam" on the text message. Additionally, block the number so that you do not receive more messages.

Step IV: It would be very much appreciated if you took the additional step of reporting the website to Google, Microsoft or others, to protect more individuals.

Phishing can be submitted using the following links:


Once the website is submitted, the provider adds an additional layer that displays "Dangerous or Risk".

Additional Layer

**The following steps are relevant to Security Analysts
***The analyst has to complete all of the above steps as well.

Step V: Analyze the new domain/IP address/website on multiple threat intelligence sources.

A few examples:


*Please comment if you have more*

After submission, most of the tools will flag the site as phishing, which will help in mitigating the risk.

Step VI: (Optional) Inform the company via Social Media 


Conclusion

The sooner phishing websites are detected, the more victims are SECURE and SAFE.