I guess most people have heard about Phishing. In case you haven’t, it is “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”
To get Smishing, take the Phish and mix mash it with SMS. Basically, Smishing is simply doing Phishing with SMS rather than email. So why the change in the medium of delivery? Because Texting is the most common use of smartphones. Also, most people are less security conscious when on their mobile phones and are more distracted.
A good example of a smishing scam is what we have above. Note that they can come with malicious links but this scam chap does it the old school way. He sends a text during rush hour when most people are just getting to the office. He’s a very nice guy, says his “Gdmorning” and introduces himself as an old acquaintance from NYSC days (can you remember all the blokes and dudes in your platoon? what about your primary assignment?). Since most of us have poor memories he’s counting on the fact that we would have likely forgotten.
Now, this SMS was very targeted. It got the recipient’s name spot on. This is not a hard thing to get, simply surfing through a target’s social media accounts can reveal a lot. You can get the full name, Phone number, and NYSC details (yeah, a lot of people take passing out pictures with their NYSC certificates, and reading comments will reveal where they served). A little more surfing can reveal whether the target is employed or looking for a job, if the latter, then the trap is sprung.
So, here is an engagement with the scammer; below are the recorded conversations.
This is a typical run of the mill employment scam. A scammer reaches out to someone desperate for a job, promising that he has a contact that can provide a juicy job offer. But first, the applicant has to pay a certain amount to secure his/her position. As you can hear from the recordings, the scammer was very eager to send his account number.
How do you safeguard your self from something like this? First, always remember that no genuine employer will ask you for money to process your employment. Second, be suspicious of any job offer that promises outlandish salaries. Third, don’t overshare on social media and/or any other online platform. Forth, always be on alert and verify everything. A simple verification of the message above would be to run the sender’s mobile number through an app like Truecaller to see if the number has been flagged as spam. Also, pause and think. Why is this old corp member mate just reaching out to me now out of the blue? How well do I know this person?
Finally, always remember that because someone knows some of your info doesn’t mean they are legit. Probably your personal information could have been leaked by a third-party service you subscribed to. So assume the worst, be skeptical and scrutinize thoroughly to protect yourself from being scammed.