What is Smishing? Combating text-based phishing attempts

Have you ever heard of the term “smishing”? You might be familiar with the term “phishing”, which refers to the fraudulent practice of sending emails containing malicious links to acquire personal information. Smishing is similar to phishing, except it happens on your phone through text messages.

Smartphones have become essential to our lives due to their convenience and functionality. However, scammers are also aware of the increasing use of phones for commerce and are trying to obtain passwords, credit card details, and other personal information stored in your phone to steal your identity. They target data stored in apps used for banking and shopping. It is important to be vigilant in protecting your personal data from such scams.

• Some of the features of smishing are similar to those of phishing attacks.
• Words often misspelled
• Grammar errors
• Refers to an account you haven’t used lately
• Package/product you didn’t order
• Urges you to act fast
• Originates from unknown phone numbers frequently repeated, often late at night – phone numbers might not be formatted in the typical way
• Weird-looking links that don’t match the name

 

Smishing attempts usually fall into specific categories:

You’ve Won! Be wary of scams that claim you’ve won a contest or giveaway. They often use messages that say “Congratulations!” and ask you to click on a link to claim your prize. However, the link could lead to a website containing malware, infecting your device and compromising your sensitive information. Stay aware of these tricks, and always be cautious when clicking on links from unknown sources.

 

Confirmation smishing scams use fake confirmation requests to trick you into giving away sensitive information. This could be for an online order, an upcoming appointment, or an invoice for business owners. The message may contain a link directing you to a site that asks you to input login credentials or other sensitive data to verify your appointment or purchase.

 

Customer support smishing scams send smishing texts posing as any company a person may trust — not just banks or credit card companies. They may pose as representatives from online businesses or retailers notifying you of an issue with your account. They’ll provide directions to solve the problem, typically including going to a fake site infected with spyware to record any information you type in.

 

Financial/banking services smishing scams leverage the fact that more and more people are managing their finances online. These smishing messages pose as legitimate and trustworthy banking institutions to get you to compromise sensitive data like Social Security numbers, addresses, phone numbers, passwords, and emails. Example: ATTENTION! Reactivate your credit card using this link NOW.

If You Get a Smish:

• Do not reply. That alerts the sender that the number is active.
• Do not open links from unknown numbers or unsolicited, unexpected texts.
• If you think the message may be legitimate, contact the sender at a verified phone number or website to check.

 

Other Tips to Keep Your Information Safe: 

• Have a locking code or face ID activated on your phone.
• Don’t store sensitive information like passwords, credit card numbers, and social security numbers on your phone.
• THINK BEFORE YOU ACT. 
• Don’t use public wifi, especially if you are using a credit card for a transaction or entering sensitive personal info. Hackers can intercept your data from these networks.
• Don’t set up apps to automatically log you in; be sure to log out of apps once you are done using them.
• Always keep track of your phone – don’t leave it where just anyone can access it. Consider loading the Find My iPhone app or Lookout for Android phones to help you find a phone if one goes missing.
• If your phone disappears, call your provider and tell them it is lost or stolen. If you store credit card or other sensitive information on your phone, contact your bank or card servicer immediately.