SMiShing is not a new tactic. A form of phishing, SMiShing is an activity that involves someone attempting to trick you via text or SMS message. If the trick is successful, the individual will receive your critical personal information.
Did you know that there are approximately 913,242,000 texts sent every hour of every single day around the globe? This translates to roughly 15.2 million per minute. These messages are easy targets for cybercriminals who wish to steal personal information for monetary gain.
What is SMiShing?
SMiShing occurs when a cybercriminal sends a text or SMS message to another individual requesting their personal information. Similar to attempts that occur via email, those who receive the text are more likely to trust this form of communication over an email.
In our recent video about SMiShing, we illustrated a story about individuals who were subjected to a text stating their account had shown suspicious activity. A link in the text led those who received the message to a phishing website that asked for their personal information. Unfortunately, the attack resulted in thousands of dollars being stolen by those who filled out the form online—most of which wasn’t returned or paid back by the bank.
However, some information a SMiSher might be looking for won’t necessarily be your bank account number. They might be phishing for something as simple as an online account password or something as serious as your Social Security Number. Cybercriminals will stop at nothing to gain access to your records. It’s critical to understand how to best avoid a SMiShing attack to keep your information safe.
How to Know If You’re Being SMiShed
Your first clue is receiving a text message from a number you don’t recognize. If you receive a text of this nature, read it carefully. These text messages could range from a simple link to a website or could be asking for specific personal information. They could ask you to verify your information for some reason or they could state you’ve won a contest that you never entered. Regardless of the message, no company or service would ever ask for personal information over a text.
How to Avoid a SMiShing Attack
There are some steps you can take to avoid being SMiShed. Above all, always remember that a message from a phone number you don’t recognize might be an attempt to phish you. Beyond that, here are multiple ways to avoid being the victim of a SMiShing attack.
- Don’t reply to the text message: Don’t reply to the text message, especially if it’s asking you for personal information such as financial information, your social or online account passwords.
- Call the business to verify any changes: If a business you use seems to have sent you a text message regarding your bank account or other assets, contact the business immediately. They will know whether or not this activity is true or false. Plus, it’s important to let them know of any suspicious activity involving their business for their own cybersecurity efforts.
- Check the phone number: Phone numbers always have more than five or six numbers. If you receive a text message from a number with fewer numbers than a typical phone number includes, you could be getting phished. This helps the cybercriminal keep their true identity under lock and key.
- Do your research: You can find business phone numbers online. If you see a number that is suspicious, simply search online. Most of the time, these numbers have been used before for previous scams. You’ll be able to see if the number is legit prior to responding.
- Look at the time of the text: Was the text sent at an out of the ordinary time such as the middle of the night? Chances are it’s a phishing attempt. Businesses should only text you during office hours or at times set forward by you for services you have signed up for.
- Don’t store your banking information on your phone: If your banking information isn’t there to steal, the cybercriminal won’t be able to find it. Keep this information secure elsewhere.
It’s possible to fall for a phishing attempt if you’re unaware. To be prepared, ensure your bank offers a policy for protecting your assets, just in case. If it’s available through your email account, consider using two-step verification to help protect your email account information. Also, always be sure to change your account passwords often to keep your accounts secure. When choosing passwords, make them strong and avoid using any personal information that is easy to guess.
With any suspicious activity, it’s best to report to the FCC’s Consumer Complaint Center. This will ensure others are protected from phishing attempts in the same manner. Text messaging is a great way to communicate if you’re vigilant. To learn more about protecting yourself against SMiShing and other phishing attacks or to start protecting yourself today, try PhishProof, Inspired eLearning’s anti-phishing software.
The original version of this article was first published on Inspired eLearning.
Latest posts by Alex Patterson (see all)
- Overlooked Groups for Security Awareness Training - September 18, 2019
- How to Become a Ransomware Defender - September 10, 2019
- How to Measure the Success of Your Security Awareness Program - July 31, 2019