You’ve most likely heard the saying, “If a door closes, a window opens.” This is true for opportunities, but it’s also true for phishing attacks.
Many companies and individual PC users have become wise to the barrage of phishing emails and have put automated measures in place to defend against them. Tactics like email filtering, DNS filtering, and phishing awareness training have helped reduce the effectiveness of phishing via email.
So, cybercriminals have pivoted to other tactics. Now don’t get us wrong, email phishing is still a huge problem, but scammers are branching out to SMS as well.
In 2020, phishing via SMS (called “smishing”) increased by 328%. And on top of this, less than 35% of the population seems to even know what smishing is. This makes text-based phishing one of the rising dangers to network security for businesses.
This is especially true because mobile devices are being used much more often than even just a few years ago and are taking on more of the business workload. A smartphone infected with malware from a smishing attack can quickly cause an infection of the company’s entire network.
Below, we’ll tell you what types of SMS phishing tactics to avoid and how to avoid falling for a fake text message.
It’s hard for people to pass up a free gift. A recent phishing scam that’s been going around is a text message that says simply, “Thank you for your payment. Please click here to claim your free gift.”
The SMS doesn’t identify where it comes from (a red flag), but a recipient could easily think it was attached to one of the many bill or retailer payments they may have made recently.
Getting shipping updates and delivery confirmations via SMS is commonplace now. This makes it easy for phishing scammers to impersonate shippers as they send text messages claiming there is a shipment that can’t be delivered until the address is corrected.
Of course, the link takes the person to a phishing site, which might ask them to pay a fee (stealing their credit card details) or ask for other personal information.
This smishing scam was recently reported on a community’s HOA Facebook group. The community just had an installation of AT&T’s new fiber internet cables, so many people in the community were signing up for the service.
Some of these people received fake text messages claiming to be the AT&T installation team asking for personal details.
Smishing, just like email-based phishing, often uses scare tactics to get you to react before thinking. One type of smishing tactic is to send a message stating there is suspicious activity on a Netflix or Amazon account with a link to change the account’s password.
The scammer wants to steal your real password, which they do as soon as you log in to the fake form.
The pandemic has caused different types of government programs to become available that weren’t before. Smishing scammers use this type of text to make people think they can get a refund or additional money if they enter their details on a form.
Another pandemic-related smishing scam is a text message that warns that someone you’ve been in contact with has tested positive for COVID. The message includes a link that supposedly explains what steps to take next. This scam also uses scare tactics to get a reaction.
The first way to avoid falling for smishing is to realize it exists. Many people still think their mobile number is somewhat private and only those they give it to will have it to text them. But that is definitely not the case anymore.
If you know to be on the lookout for fake texts, then you have a better chance of avoiding falling for them.
If you get a text message with a link from a retailer or shipper and the message is legitimate, you should be able to go to that company’s website directly to check its validity. It’s better to do this than to click the link.
You don’t have the same capability in a text message on a mobile device to hover over the link to check it first as you do with email on a PC. So, it’s best to avoid clicking those links altogether.
Is it clear who the sender is? If not, this is a big red flag that this might be a scammer. Even if the SMS does have a company name included, be very wary. While you can look at an email address to check the domain of the sender, most people are not going to know the phone number a legitimate text message would be sent from.
Ensure your device is properly protected from malware by installing mobile anti-malware and DNS filtering. This will help you avoid an infection if you land on a phishing site after following a link in a text message.
Mobile devices now make up about 60% of company endpoints. Haxxess can help your Northern Ontario business with an effective mobile security and endpoint management strategy.