Cybercriminals are increasingly targeting your smartphone through text message scams or what are also called “Smishing” attacks, and they’re difficult to stop. They send texts that trick you into doing something against your own best interests.
Texts can be put in three categories; those from people you know, those that are clearly ridiculous spam and those that are generally from businesses or other entities you do, or may have had some connection with. It’s this third type that you need to be wary of and to look for red flags.
Red Flags
One red flag is where there is a request to click a link, call or text a number, or simply reply. These types of requests are indicators that the message could be fraudulent. Be extremely careful in deciding to take any of these actions. If you’re unsure, don’t do it.
Another red flag is where you see spelling or grammatical errors in the message, or something else that seems somehow inappropriate for the circumstances.
The Goal
The end goal is that the sender is attempting to lure you into providing sensitive information such as your credit card number, account usernames and passwords. The intent is the same as email phishing attacks; these cybercriminals want to take over your bank account or steal your personal identity. Cybercriminals have chosen to target smartphones because a link in an SMS text can be more convincing to click on than in an email message.
What does a Smishing attack look like?
Most text message scams include a call to action that creates a sense of urgency such as this example:
Your Apple ID account has been locked due to unauthorised login attempts. Please login here and verify your information: bit.ly/1KVFRgf
It can include a text that asks for a donation based on a recent event, such as:
Your help is needed to meet our 2014 goal to eradicate ALS. Pouring water on your head isn’t enough! Please tap here to donate just $1, which will be deducted from your phone bill. And be sure to forward this text to your friends and family.
It can include a text that asks you to claim a prize, for example:
You have been selected for a FREE Bestbuy gift card worth $1000! Enter the code ‘FREE’ at www.bestbuy.com.bsxy.biz to get 1 now! Only 80 left. Text STP to stop.
Lastly, it can include a text about a mystery shopping job like this one:
Become a mystery shopper and earn $400 weekly. This position will not affect your current job. To apply, email full name and contact information to: admin@grimpinvestment.com
What can you do to avoid smishing attacks?
- Don’t open from suspicious numbers
- Don’t give out personal information
- Delete suspicious texts
- Mobile shop with reputable vendors
- Use different passwords and two-factor authentication
- Even if you receive a text message from a friend with a link, consider verifying with them before clicking the link
Concerned about your organization’s IT Security? BSC Solutions Group offers a range of Cyber Security protections. Give us a call today to find out how you can gain greater peace of mind.