The photos on your phone are irreplaceable – back them up!
January 7, 2022
Google it… like a pro!
February 9, 2022
A new attack that is becoming very popular is one called “Smishing.” Smishing is an attempt to collect login information or other sensitive data using a malicious text message.
What exactly is Smishing?
Through a simple text message criminals attempt to trick you into clicking on a link that you shouldn’t, or trick you into revealing personal details or account login information. It is named after the popular email scam called phishing that refers to criminals who “fish” for a response that leaves the victim vulnerable to various threats. In this case, the dangerous message arrives via SMS, direct to your phone, which might actually make you more likely to fall for the scam.
These smishing attacks can be very serious. They may involve someone gaining access to your bank account, credit card account, or taking over your social media accounts. Knowing the warning signs, what exactly to look out for, and the preventative steps to take can help you avoid becoming a victim.
So how does Smishing work?
Smishing attacks arrive via SMS text message, though they can also pop up on messaging platforms (like WhatsApp and Instagram/Facebook Messanger). They will usually come with a link that you’re supposed to click on, or they might ask you for a direct response, but you will need to take some action to be affected by the attack. Simply receiving the message itself doesn’t expose you or your data.
Example #1
You will be sent a message asking you to download an app or run an app in your web browser. The app itself will contain a virus or keylogger.
Example #2
They send you a link to a shady website, maybe even one that has been mocked up to look like a legitimate and well-known company website or social media network. You will be prompted to enter your username and password.
Example #3
Some even send messages asking you directly for your personal or financial details. Including prompts to reply to the message with your bank details or login details for a certain website, etc.
The warning signs to look for
I will start by saying the obvious – always be wary of any links arriving via text message. If you do not 100% know the sender, never click the link! Never.
I cannot really offer a totally foolproof guide to help you spot every single smishing attack you might come across, but there are some red flags you should look out for. Things such as:
- Messages coming from numbers that don’t seem correctly formatted.
- Messages that contain unusual characters.
- Individuals and companies rarely send messages with embedded links, they also usually don’t appear out of nowhere or unsolicited. If these are authentic, they usually show up only when you are trying to verify an account, making a specific inquiry, or are engaged in an active conversation with someone.
- Be wary of messages with a sense of urgency. Imposing time limits makes you less likely to think about what you are doing or about to do.
- Freebies and giveaways are common methods of attack – think “win a free gift card” or “click here in the next 5 minutes for a free item.”
- Some come as warnings like “your account has been suspended” and you need to click to verify or change a password.
The bottom line is that smishers want you to take immediate action and do SOMETHING.
So how do you keep your devices protected?
The security advice I have for guarding against smishing isn’t much different from the advice I give for protecting your devices against any other kind of threat.
The two main things you can do are:
- Keep your phone’s software up to date
- Keep your phone’s web browser up to date
Why? Your device is constantly being patched and updated to guard against these attacks. Make sure everything is kept up to date! If you can set them to auto-update, do so.
Also, if you are having any doubts about the legitimacy of a message, get in touch with the supposed sender directly. For example, did you get a supposed message from your bank? Well, contact your bank through another channel (email, phone, etc.) and ask them if they sent the message to you.
Never be in a rush to reply to messages that seem at all suspicious. Heck, delete them and don’t respond or click at all! Smishing messages will encourage a speedy response—don’t take the bait.
Need help or assistance? Contact TeCHS!
