The Rise of Smishing Attacks: FBI Issues New Warning
Did you get a text about an unpaid toll charge recently?
The FBI has issued a stark warning about the rise of smishing (SMS phishing) attacks, emphasizing that cybercriminals are increasingly using text messages to trick individuals into clicking malicious links. Unlike traditional phishing emails, smishing attacks leverage the trust people place in text messages, making them an effective tool for threat actors.
According to the FBI, threat actors are using smishing to distribute malware, steal personal and financial data, and gain unauthorized access to enterprise systems. These attacks often impersonate banks, government agencies, delivery services or even internal corporate IT departments to deceive victims. Once a target clicks on a malicious link, they are directed to fraudulent websites designed to harvest credentials, install malware or exploit their devices.
Why Is Smishing Growing So Rapidly?
The explosion of smishing attacks is driven by multiple factors:
- Increased Mobile Usage: People rely on smartphones for banking, communication and work, making them prime targets.
- Email Security Bypassing: Traditional email filters are ineffective against SMS-based attacks.
- Psychological Manipulation: Urgent, time-sensitive messages (e.g., “Your bank account has been locked! Click here to verify.”) pressure victims into action.
- Automation and AI: Cybercriminals are leveraging AI-driven tools to craft highly targeted and believable messages at scale.
Given this escalating threat, it’s critical for individuals and organizations to understand how to protect themselves.
How to Protect Yourself from Smishing Attacks
Follow these best practices to stay safe:
1. Be Skeptical of Unexpected Text Messages
- Do not click on links or respond to texts from unknown senders.
- Even if a text appears to come from a legitimate source (your bank, a delivery company or a government agency), verify it directly by visiting their official website or calling their customer support.
2. Watch for Common Smishing Red Flags
- Messages that create a sense of urgency (e.g., “Act now or your account will be locked!”)
- Poor grammar, misspellings or generic greetings (“Dear Customer”)
- Unusual sender numbers, especially short codes you don’t recognize
3. Enable Multi-Factor Authentication (MFA)
Even if credentials are stolen through a smishing attack, MFA can prevent cybercriminals from accessing your accounts.
4. Use Security Software and Keep Devices Updated
Ensure mobile devices have security apps installed and regularly update your phone’s operating system and apps to patch vulnerabilities.
5. Report Smishing Attacks
Forward suspicious messages to 7726 (SPAM) and report incidents to the FBI’s Internet Crime Complaint Center (IC3).
How Protective DNS Can Stop Smishing Before It Becomes a Threat
While user awareness is essential, a proactive security approach is necessary to prevent smishing attacks from succeeding in the first place. This is where Protective DNS plays a crucial role.
When a user clicks a malicious link in a smishing message, their device sends a DNS request to resolve the fraudulent domain. Protective DNS solutions like Infoblox Threat Defense™ can block these requests preemptively before the user ever reaches the harmful site, preventing:
- Credential theft from phishing pages
- Malware downloads designed to infect mobile devices and enterprise networks
- Command and control (C2) communication, stopping attackers from maintaining access to compromised systems.
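The DNS-layer check described above can be sketched as follows. This is an added example, not Infoblox code or anything from the FBI advisory; the zone names, sample messages and function names are constructed for illustration, and the policy decision is modeled without a real resolver.

```python
import re
from urllib.parse import urlsplit

# Constructed policy zones under reserved TLDs, standing in for a threat-intelligence feed.
BLOCKED_ZONES = {"toll-pay.example", "tds-redirect.invalid"}

# Constructed sample messages.
SAMPLE_SMS = [
    "Unpaid toll balance. Pay now: https://pay.toll-pay.example/invoice to avoid late fees",
    "Your parcel is on the way. Track it at www.carrier.example/track",
]

# Matches bare or scheme-prefixed links as they typically appear in SMS text.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)


def normalize(name):
    """Lower-case and drop the trailing root dot so names compare consistently."""
    return name.strip().rstrip(".").lower()


def policy_decision(qname, blocked_zones=BLOCKED_ZONES):
    """Return ("BLOCK", zone) if qname is a blocked zone or a subdomain of one."""
    labels = normalize(qname).split(".")
    # Compare on label boundaries: a.b.c -> a.b.c, b.c, c. A plain endswith()
    # would wrongly block nottoll-pay.example for the zone toll-pay.example.
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in blocked_zones:
            return ("BLOCK", zone)
    return ("ALLOW", None)


def triage_sms(text):
    """Extract each link's hostname from an SMS body and apply the DNS policy to it."""
    results = []
    for match in URL_RE.finditer(text):
        url = match.group(0)
        if "://" not in url:
            url = "http://" + url  # urlsplit needs a scheme to find the host
        host = urlsplit(url).hostname
        if host:
            action, zone = policy_decision(host)
            results.append((normalize(host), action, zone))
    return results


if __name__ == "__main__":
    for sms in SAMPLE_SMS:
        print(triage_sms(sms))
```

In a deployed protective DNS service the same decision is enforced at the resolver, so a blocked name never resolves regardless of which app or message the link came from.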
How Infoblox Goes Beyond Basic Threat Detection
Infoblox takes a proactive, infrastructure-based approach to cybersecurity by focusing on identifying threat actor infrastructure rather than just individual phishing or smishing domains. Many security solutions operate at the “drug dealer” level—blocking individual domains as they appear. However, Infoblox operates at the “drug cartel” level, identifying and disrupting entire threat actor groups and their infrastructure, including traffic distribution systems (TDS).
Similar to regular internet advertisement technologies like Google AdSense, TDS are sophisticated systems cybercriminals use to deliver the right content to the most vulnerable victims while keeping threat research teams in the dark. This malicious form of adtech is achieved by leveraging massive DNS redirections, browser profiling and the use of decoy sites. Malicious adtech operators are hard to disrupt: they protect their infrastructure by constantly rotating their domains with high-reputation domains, making traditional indicator-based detections ineffective. Infoblox combines trillions of DNS telemetry events, expert-tuned data science and research by our unique DNS-focused Threat Intel team to preemptively block entire TDS networks, significantly reducing the effectiveness of malicious threat actor campaigns before they reach victims. The numbers speak for themselves. On average, we can stop DNS-based attacks 63 days before the rest of the industry, with an astoundingly low false positive rate of 0.0002%.
Final Thoughts: A Multi-Layered Approach Is Key
Smishing is a growing cyberthreat and, as the FBI warns, individuals and organizations need to stay vigilant. User awareness, combined with a layered defense approach, is needed:
- User education to recognize and report smishing attempts
- Multi-Factor Authentication (MFA) to protect accounts
- Protective DNS to block malicious domains before they can cause harm
- Threat intelligence that focuses on threat actor infrastructure to stop attacks at scale
Infoblox is here to help. Contact us for more information on how to incorporate protective DNS into your cybersecurity strategy.