Phishing me SMS (Smishing)

Fillestar 12 min Inxhinieria Sociale

Hyrje

Smishing is phishing carried out over SMS or other mobile messaging channels and is growing rapidly because mobile devices offer fewer visual cues for spotting fraud.

Teoria

A typical smishing text claims to be from a delivery company ("Your package is being held at customs, click here to pay a small fee"), a bank ("Unusual login detected, verify now"), or a government agency ("Tax refund available, complete the form"). The link leads to a mobile-optimized phishing page that is hard to inspect on a small screen — the URL bar is short, there is no visible certificate, and the page looks convincing without the usual desktop scrutiny cues. Smishing works because SMS bypasses many email filters, because phone numbers are easier to spoof than email addresses in many countries, and because people treat mobile messages with less skepticism than email. Variants include voice phishing (vishing), where an attacker calls claiming to be tech support or a bank, and MFA fatigue (push bombing), where the attacker repeatedly triggers MFA prompts until the victim taps approve just to make it stop. Defenses include carrier-level filters, mobile security apps, and user education focused specifically on the mobile experience. Organizations should train staff to report smishing attempts to their security team just like email phishing, and should never require sensitive actions through SMS-only channels. If it matters, it should go through an authenticated app or a verified phone call initiated by the user.

Mjetet

Mjete:

  • Provider legjitim si Twilio, Vonage (për kampanje ligjore).
  • SMSHub, Gammu-smsd — për lab.
  • URL shortener check: unshorten.it, unfurl.

Praktika

Shembull SMS phishing tipik:

"Paketa juaj është bllokuar në Postën Shqiptare. Klikoni: https://psh-ai.xyz/track"

Përgjigje me mbrojtje:

  1. Kurrë mos klikoni linqe nga SMS i paparashikuar.
  2. Verifiko nga kanalet zyrtare (app, web, telefon zyrtar).
  3. Aktivizo 'Silence Unknown Callers' dhe SMS filtering në iOS/Android.

Ushtrime

  1. Identifiko 3 SMS phishing reale në inbox-in tënd. Dokumento domain-et dhe IP-në.
  2. Raporto tek operatori (Vodafone AL — 141, A1 — 109, etj.).

Burime

  • GSMA Fraud Forum.
  • AKEP (Autoriteti i Komunikimeve Elektronike dhe Postare) — Shqipëri.

Vlerësimet dhe komentet

Kyçu për të lënë një vlerësim.

Ende pa komente. Bëhu i pari!

Diskutime

Ende pa diskutime. Hap një temë të re