At the One Click Root blog, we talk a lot about Android security. Frankly, Android security is at a frightening point. More and more hackers are targeting our favorite operating system, and that means your smartphone or tablet could be susceptible to an attack. In the past, most viruses attacked your Android through the installation of a seemingly harmless app. You might see a fun game or productivity app on the Google Play Store, for example, and then decide to install it on your device without reading anything about it. Before you know it, that app has stolen your information or installed adware on your device. But a new kind of malware infection is taking form: smishing. Smishing involves “phishing” for information through SMS text messages, which is why it’s called SMS phishing or smishing for short.

How does SMS phishing work?

With smishing, a malicious advertiser or hacker phishes for your information through text messaging. In most cases, the hacker gets your number through the installation of an app. Cell phone users install an app before receiving a text message soon afterwards. Sometimes, the text message arrives the same day you install the malicious app. Other times, it can take weeks to arrive. This makes it difficult to determine exactly which app caused the problem in the first place. However, the text messages all have something in common: they trick users into clicking on a malicious link. The text message might claim to be from your bank or even one of your friends. That text might ask you to change your password, verify some information, or even just watch a funny video on YouTube. The temptation to click on that link might be strong, but doing so would be a very bad idea. After clicking on that link, a number of different things might happen. Identity theft through SMS phishing You might be asked to verify a password through a form. If you enter your password into that form, you can expect that hackers will now have access to all your accounts that use that password. In more serious cases, you might be taken to a website that looks a lot like your bank’s website. However, instead of sending personal information to your bank, that website will simply steal the information it needs in order to access your account. Before you know it, you’re a victim of identity theft. Financial loss through SMS phishing Another way in which hackers use this scam to make money is to sign users up for “premium” text messages. After clicking on the link in the smishing message, that user is automatically signed up for premium text message newsletters. Since these texts could cost ridiculous amounts of money (like $2.99 per text message sent several times per day), the costs could add up very quickly.

Why does SMS phishing work?

There is one gigantic loophole that apps are using to exploit Android users around the world. That loophole is the fact that Android apps don’t have to ask for permission before sending text messages to users. In other words, any app can fake a text message. So you don’t necessarily have to give out your phone number to a suspicious website in order to start receiving text messages. Instead, it depends entirely on the apps you choose to download.

Conclusion – the best way to protect yourself

When you hear the word “smishing” you might think of Snooki and the Jersey Shore. But fortunately, smishing and smushing are completely unrelated. Here’s what you need to know about smishing: don’t click on any links you receive in a text message, even if they appear to be from a friend, your bank, or another trusted source. As soon as Android users stop falling for these attacks, hackers will stop launching them.