6 Tips to spot Smishing
Just when we’ve gotten more savvy at recognizing phishing in our email, along comes smishing. You’ve probably already been confronted by this on your phone. Increasingly, cybercriminals are using text messaging (SMS -> SMiShing) to defraud their victims.
There are several reasons for this shift toward targeting phones. More people are relying on their phones to shop and do their banking, especially during the COVID-19 pandemic, giving bad actors greater opportunity. Also, our phones have become indispensable and ever-present in our lives – in some ways they’re like an extension of ourselves. Since our phone is such a personal device, it’s difficult and jarring imagining it as a threat vector capable of emptying your bank account.
By and large our texting communication is less formal than email and more likely to take place between friends and acquaintances. The result is that we’re less vigilant with text messages. We must change our behaviour around this!
Is your phone network asking for details?
You’ve likely already gotten text messages from your phone network warning you of roaming rates when leaving the country. However, like banks, networks won’t ever ask you to confirm or verify your identity or details. If you get a “security” text asking for your password or other details, do not click on the link or the phone number provided. Simply delete the message or check with your network using contact information from their website.
“Business” phone numbers in texts may not be real.
Smishing attacks will often contain “toll-free” numbers that appear to be from a real business – don’t be fooled! These numbers are easy and cheap to set up. Once you call the number, you’ll be asked to confirm details giving criminals access to personal information.
Don’t text “STOP” if you’re being spammed
If you’re getting repeated texts with instructions to text back with “STOP” to cut off the emails, don’t. This simply confirms to the spammers that you’re there, and they’ll increase their attacks. Contact your network to block SMS from specific numbers.
Don’t fall for “special offers” – especially ones that say “act fast!”
Phishers will send out SMS attacks in the form of “special offers” from big companies – such as a $1,000 gift card, with only a limited amount available, and you have to click a link to win. However, the website won’t be genuine – and you’ll end up installing malware, rather than winning a shopping spree. High value “special offers” that sound too good to be true usually are. Think first and think hard before clicking on a link.
Is your bank asking for “confirmation details”
Sometimes Your bank may text you – perhaps to confirm a credit card transaction – but bank texts will never ask you to confirm details, or for passwords. They also won’t ask for this information in order to update their app. If you’re suspicious, don’t click links, don’t call any numbers in the text. Instead, contact your bank using methods listed on their website.
“Your phone is infected!” No, it’s not.
Some SMiShing scams use a fake “security alert” to scare users into installing bogus antivirus apps. This is called “scareware”. Reputable security companies won’t “push out” products in this way. ESET’s Cameron Camp says, “Malware posing as security apps, also known as “scareware”, are some of the most pervasive scams on Android in recent months.”
Set your phone to block apps from unknown sources
Many SMS phishing attacks aim to fool you into installing malicious apps – particularly on Android. As a precaution, block installation from unknown sources (it’s in Android’s Settings menu). If you have to unblock this (for instance to install a work app), set it back to “blocked” when you’ve finished. If you do make a mistake, this gives you another line of defense.
If you’re an Android user, protect your phone with an antivirus app
Google’s own Verify Apps function is a useful first line of defense – and Android users should turn it on. You can also block specific numbers from texting you – or block all unknown senders.
Protecting your Business
Phishing and smishing scams are getting increasingly more sophisticated. They’re among the leading causes of data breaches. Don’t leave your company’s data security up to chance.
Omega Network Solutions provides reliable and cost-effective IT Security Services. Including Omega Shield which protects against deceitful cyber-attacks by:
- Providing valuable and ongoing security training to employees.
- Providing regular Security Threat Reports to measure and track the strength of your organization’s overall cybersecurity protection.
- Proactively monitoring the dark web for compromised data.
- Managing an Email Protection Service that filters emails and scans for viruses to protect your network.