Smishing Fraud Warning




Smishing Fraud Warning

What is Smishing ?
Smishing is when SMS text messages are used to entice victims to click on a malicious link that either loads malware onto their phone or directs them to a fraudulent website that asks victims to “log in,” thus providing their credentials to criminals. Smishing is similar to phishing scams performed via email, with a key difference being the method used to deliver the malicious link (i.e., via SMS text message). Smishing may also be used to request victims call a number provided in the text message.

How to Identify Threat:
The warning signs for a smishing message are quite like those of a phishing attack and may include: 
  • Messages from an unknown number or from a party that has not previously contacted the victim via text message. Criminals may “spoof” phone numbers on smishing messages to make the message appear to be from a legitimate party.
  • A sense of urgency, such as a requirement to respond right away to avoid punishment or lose out on a reward. 
  • Poor English grammar.
  • Improperly formatted phone numbers and messages.
How to Protect Against This Threat:
It is best to report or delete messages you were not expecting from people you don't know. As with email, the best tactic is to not click on a link or call numbers in a message from an unknown party. If you need to contact a company or party after receiving an SMS message, you should contact them using information from a trusted source, such as the company’s own website.

If you do provide log-in information or otherwise fall for a smishing scam, immediately contact companies where accounts may be affected to change your login information and/or add additional login security. Multifactor authentication can also assist with reducing the risk of stolen credentials.

Finally, keep your mobile device software and browsers updated with the latest security upgrades.