Smishing attacks see a sharp increase ahead of Black Friday

Shutterstock
(Image credit: Shutterstock / ImYanis)

The amount of text phishing or smishing attacks have almost doubled when compared to last year's holiday shopping season as cybercriminals are increasingly preying on Black Friday and Cyber Monday shoppers.

According to Proofpoint, over two-thirds of all SMS messages sent worldwide are related in some form to either an order delivery or consumer retail brand. As consumers have become more familiar with interacting with businesses over text messages, cybercriminals have jumped at the opportunity to impersonate popular brands and delivery companies over SMS.

They are now using smishing attacks that claim to be from reputable companies as lures in an attempt to steal payment information and personal details from unsuspecting targets.  While many of these lures request credit card information to resolve an issue supposedly related to the purchase or delivery of a nonexistent item, attackers also attempt to steal personal information through an enticing URL or landing page in other cases.

In a new blog post, Proofpoint highlights an “Early Bird Black Friday” package deliver smishing attacks where the landing pages presents an authentic looking package notification. However, clicking on the “Find My package” button and continuing further on the site leads to requests for personal information from the potential victim including their name, postal information and email address.

Switching from email to SMS

Although email users are gradually learning that opening attachments from strangers, clicking on questionable links and visiting webpages with multiple redirects are risky behaviors, the same can't be said for mobile users who aren't nearly as cautious. 

For instance, text messages have a 98 percent open rate and recipients open 90 percent of their messages within three minutes. At the same time, text messages have an eight times higher click-thru rate when compared to email.

To avoid falling victim to smishing or other SMS-based scams this holiday season, mobile users should be alert and skeptical of any unexpected or unrequested holiday-based awards, prices and offers as well as wary of any package deliver notifications.

Proofpoint recommends that mobile users be on the lookout for suspicious text messages, carefully consider the risks before giving out their mobile phone number to businesses, avoid opening links in messages directly and instead copy them to their browser and be careful when downloading and installing new software to their Android smartphone or iPhone.

We've also featured the best identity theft protection and best malware removal software

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
mobile phone
Forget phishing, now "mishing" is the new security threat to worry about
Close up of a business person using a smartphone.
Watch out, malicious PDF files are being used again in phishing attacks
Concept art representing cybersecurity principles
Cybercriminals cashing in on holiday sales rush
A scam text from a Post Office delivery
Fake parcel delivery texts are the fastest-growing phishing scam this holiday season – here’s how to avoid them
An iPhone sitting on a wooden table
Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe
Malware worm
Coordinated global mobile malware campaign targets banking apps and cryptocurrency platforms
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough