Definition

SMiShing (SMS phishing)

SMiShing is a security attack in which the user is tricked into downloading a Trojan horse, virus or other malware onto his cellular phone or other mobile device. SMiShing is short for "SMS phishing."

David Rayhawk, senior researcher at McAfee Avert Labs, explains how SMiShing works in a blog post entitled 'SMiShing - an emerging threat vector:'
"Some cell phone users have started receiving SMS messages along these lines: 'We're confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order: www.smishinglink.com.' (This is an example and was not a real url at the time of writing)This phenomena, which we at McAfee Avert Labs are dubbing "SMiShing" (phishing via SMS), is yet another indicator that cell phones and mobile devices are becoming increasingly used by perpetrators of malware, viruses and scams.

While some might recognize this as a scam, many unsuspecting users would not. Fearful of incurring premium rates on their cell phone bill, they visit the Web site highlighted in the message. Once they arrive at the URL, they are prompted to download a program which is actually a Trojan horse that turns the computer into a zombie, allowing it to be controlled by hackers. The computer then becomes part of a bot network, which can then be used to launch denial of service best practices for mobile device security management should include:

  • Policies that help to address phishing.
  • Security software to address viruses and other malware.
  • A way to use over-the-air updates to re-image devices and recover data.

Users are advised to be as vigilant about security for their mobile devices as they are for desktop computers.

This was last updated in January 2007
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchMobileComputing.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

  • Mobile device security demands surpass reality, survey says

    It's no surprise that mobile device security was top of mind in our recent reader survey. Find out what's missing and what IT pros are asking for in mobile security products.

  • Fingerprint recognition and mobile security

    Fingerprint recognition technology for mobile devices is posed to become the preferred user authentication solution mobile device security. In this Technical Note from the Farpoint Group, you'll see why Fingerprint recognition is likely to become the methodology of choice for all aspects of mobile security across a broad range of applications and usage scenarios.

  • Traditional security threats coming soon to mobile device near you

    Browser exploits, botnets and more will soon be coming to mobile devices, according to a report from the Georgia Tech Information Security Center. Knowing the key threats can help ward off the greatest dangers.

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: