WORKPLACE BLOG

Subscribe for Updates

Newsletter Signup

 

September 16, 2022

Smishing text on phone

Smishing is the latest tactic cybercriminals have taken on to trick people into giving away their confidential information.


Most of us are now aware of what a typical phishing scam looks like via email or phone call. In the digital world of cyber hacking, phishing is a scamming tactic used to trick people into revealing confidential information about their bank account, credit card, or other personal accounts. Now, these phishing attempts are not only as phone calls and emails, but cybercriminals can also reach you via SMS (text message) through a popular phishing scam dubbed “smishing.”

Read on for a list of the different types of smishing attacks you should be aware of. In general, if you receive a text from someone you don’t know you should ignore and delete the text. You can also block the sender, but the smarter criminals will rotate the numbers they come from.

The “acquaintance” you never met

Some scammers act like someone who appears to know you and lure you in with a friendly message. USA Today reports that the message may look like this: Beautiful weekend coming up. Wanna go out? Sophie gave me your number. Check out my profile here: URL. Smishing attempts try to use common names like Don or Ann that aren’t too obvious or hard to pronounce because they want to maintain their not-so-suspicious facade. 

Your package is pending

Getting a text message saying that you have a package waiting for you might seem tempting, but think before you click on anything. A new text message scam has been making its way around the country. People have reported receiving messages saying: Name, we came across a parcel/package from a recent month pending for you. Kindly claim ownership and confirm for delivery here, and then a link. Clicking on the link and inputting personal information potentially allows cybercriminals to steal your identity, empty your bank account, or install malware on your phone. 

Your bank is closing your account

Cyber hackers often disguise themselves as trusted institutions like your bank or utility company to sway you into giving up your password, PIN, or other personal credentials. The message may read something like: Dear customer, Bank of America is closing your bank account. Please confirm your PIN at URL to keep your account activated. Messages of this nature also contain urgent language such as “If you don’t reply within 24 hours, your account will be closed.” The best next step is to go directly to the company that is purporting to send you this scary message. It may require a call to your bank, but at least you’ll have confirmation from the source that your personal credentials are safe. 

You’ve won a major award

Everyone loves to win prizes—unless it’s a smish prize, which is more of a win for the hackers and a loss for you. Often times, this type of text will be written as: You’ve won a prize! Go to URL to claim your $500 Amazon gift card. If you don’t remember entering a contest for anything, do not click on the link, or you may inadvertently be going to a link that downloads malicious code like malware onto your phone, which can damage or disable your phone. 

The phone number proximity scam

This was an old phone call scam from years ago that tends to make the occasional comeback. Now, scammers have started using texts, too. These texts or phone calls typically come from three-digit area codes that appear to be from the United States, but they’re actually associated with international phone numbers, often in the Caribbean. The text often indicates that someone is in danger and needs help, and the criminal will ask you to call or text back. Plus, scammers will do anything to keep you on the line for as long as possible, like using an automated voice messaging service. Since dialing internationally can send your phone bill skyrocketing, that means lots of money in the smishers’ pockets. According to the Federal Trade Commission, people should be aware of messages or calls coming from these area codes: 268, 284, 473, 664, 649, 767, 809, 829, 849, and 876. For numbers you don’t know, don’t pick up or text back. If they really do know you, they’ll reach out again. 

Your debit card is locked

Nobody wants to run into problems with their bank. That’s why when you receive a text alerting you that your debit card is locked due to suspicious activity, it’s very tempting to click the link the text provides to solve the problem—which is exactly what you shouldn’t do. Don’t reply to an email, phone call or text message that requires you to give your personal or account information either directly in the email or on a website the email sends you. To avoid being scammed, it’s best to contact the bank directly to find out what’s going on with your account rather than clicking on any link a text message is sending you. 

Set your delivery preferences for your FedEx package

It’s always a relief to be notified that the FedEx package you’ve been waiting for is delivered. However, it’s best to take a second before clicking on a text that’s supposedly from FedEx. According to CNN, the text messages show a supposed tracking code and link to “set delivery preferences.” The link directs people to a fake Amazon listing and then asks them to take a customer satisfaction survey, after which they’re informed that they won a free gift. Wonderful, right? All they have to do is put in their personal and credit card information—now what could go wrong with that? “FedEx does not request, via unsolicited mail, text or email, payment or personal information in return for goods in transit or in FedEx custody,” FedEx said in a statement. If you receive a text of this kind, it’s best to contact FedEx directly to find out what’s actually happening with your package. 

The bottom line: Don’t click any suspicious links

The links in smishing scams often contain malicious code that can encrypt your files and lock your phone. If that happens, smishers essentially hold your phone hostage and will demand money in return for access back into your phone. The code may even give them access to all of your personal online accounts. The text component is important because a lot of accounts we have now are using two-factor authentication for enhanced login security.  If the bank or Amazon asks for the text code they sent you to authenticate your identity, the hacker could intercept that code and access your account remotely. It’s also a good idea to update your phone to the latest operating system. Most of the operating system upgrades for smartphones include security improvements.

An additional precautionary step to safeguard your phone is to install a reputable app or software that’s made for mobile device protection.

 

Source: Reader’s Digest: Official Site to Subscribe & Find Great Reads (rd.com)

About the author:

comments powered by Disqus