← Back to News List

Tips to Help Protect Against Smishing Scams

Scammer Don't Just Use Email

Smishing scams are a type of phishing scam which occurs when a malicious actor sends text messages or direct messages. They follow a similar pattern of acting as if they were from a trusted source like banks, government agencies, or even friends and family, trying to trick users into clicking a malicious link or possibly giving personal and financial information.


In recent years smishing attacks have started to become more numerous and sophisticated. Just like with phishing attacks, smishing also spikes during a crisis like COVID-19. These attacks are designed to exploit the public’s fears and anxieties, making their victims an easier target.

According to the article below, many more adults and children will open a text message or direct message on average compared to an email. Malicious actors can also automate the sending of text and direct messages to thousands or even millions of phone numbers and, unlike emails, there is no viable way for a user to block or flag suspicious messages.

These scams are similar to other phishing scams. They will still instruct the user to perform actions that could be harmful. Some of these actions might include: 

  • Replying to the text or direct message with personal or financial information.

  • Clicking a link that downloads malicious files or directs them to a website designed to gain the users personal or financial information.

  • Asking the user to call a ‘customer service’ number.

  • Asking the user to wire money to the malicious actors.

Tips on how to spot and avoid smishing attacks:

  • Do not click on a link or call a number from an unknown number.

  • Do not submit personal information to an unknown number.

  • If possible try to verify the authenticity of the message by finding the sender’s website and official contact details online. For example if a message is claiming to be from your bank, check the bank's website to find the real contact information.

  • If it looks too good to be true, it probably is too good to be true.

  • Delete all suspicious texts.

  • If the sender has a ‘5000’ number, the message was sent via email and could be malicious.

  • If the sender is anything other than a cell phone number, the message may have been sent via email and could be malicious.

  • Block unknown numbers if possible.



For more information, please check out: 

https://portswigger.net/daily-swig/what-is-smishing-how-to-protect-against-text-message-phishing-scams

Tags:

Posted: July 17, 2020, 12:40 PM

Read Original Post in myUMBC