What is Smishing?
Like the old adage about finding true love goes, “There are plenty of fish in the sea!” In the digital world of cyber hacking, they’re known as “phish,” a scamming tactic used to trick people into revealing confidential information about their bank account, credit card, or other personal accounts. These phishing attempts first started out as phone calls and emails, but now cybercriminals can also reach you via SMS (text message) through a popular phishing scam dubbed “smishing.”
“A good general rule of thumb for a text from someone you don’t know is to just ignore it or delete it,” says Stephen Cobb, senior security researcher at ESET, a company that makes antivirus and Internet security software for businesses and individuals worldwide. “I think blocking is an option if you’re getting messages from the same source all the time, but the smarter criminals will rotate the numbers they come from.”
Read on for a list of the different types of smishing attacks you should be aware of.
The “acquaintance” you never met
Some scammers pose as someone who appears to know you and lure you in with a friendly message. USA Today reports that the message may look like this: “Beautiful weekend coming up. Wanna go out? Sophie gave me your number. Check out my profile here: [URL].” Smishing attempts tend to use common names like Don or Ann that aren’t too obvious or hard to pronounce, because the senders want to maintain their not-so-suspicious facade.
Your package is pending
Getting a text message saying that you have a package waiting for you might seem tempting, but think before you click on anything. A new text message scam has been making its way around the country. People have reported receiving messages saying: “[Name], we came across a parcel/package from [a recent month] pending for you. Kindly claim ownership and confirm for delivery here,” followed by a link. Clicking on the link and inputting personal information potentially allows cybercriminals to steal your identity, empty your bank account, or install malware on your phone.
Your bank is closing your account
Cyber hackers often disguise themselves as trusted institutions like your bank or utility company to sway you into giving up your password, PIN, or other personal credentials. The message may read something like: “Dear customer, Scotiabank is closing your bank account. Please confirm your PIN at [URL] to keep your account activated.” Messages of this nature also contain urgent language such as “If you don’t reply within 24 hours, your account will be closed.” Cobb says it’s best to go directly to the company that is purporting to send you this scary message. It may require a call to your bank, but at least you’ll have confirmation from the source that your personal credentials are safe.
You’ve won a major award
Everyone loves to win prizes—unless it’s a smish prize, which is more of a win for the hackers and a loss for you. Oftentimes, this type of text will be written as: “You’ve won a prize! Go to [URL] to claim your $500 Amazon gift card.” If you don’t remember entering a contest for anything, do not click on the link, or you may inadvertently open a page that downloads malicious code like malware onto your phone, which can damage or disable your phone.
The phone number proximity scam
This is an old phone call scam from years ago that tends to make the occasional comeback. Now, scammers have started using texts, too. These texts or phone calls typically come from three-digit area codes that appear to be from Canada, but they’re actually associated with international phone numbers, often in the Caribbean. “Just because it’s coming from your three-digit area code, that doesn’t mean it’s somebody you know,” says Cobb. “There’s actually a number faking service that allows you to do that.” The text often indicates that someone is in danger and needs help, and the criminal will ask you to call or text back. Scammers will also do anything to keep you on the line for as long as possible, like using an automated voice messaging service. Since dialing internationally can send your phone bill skyrocketing, that means lots of money in the smishers’ pockets. For numbers you don’t know, don’t pick up or text back. If they really do know you, they’ll reach out again.
Your debit card is locked
Nobody wants to run into problems with their bank. That’s why when you receive a text alerting you that your debit card is locked due to suspicious activity, it’s very tempting to click the link the text provides to solve the problem—which is exactly what you shouldn’t do. To avoid being scammed, it’s best to contact your bank directly to find out what’s going on with your account rather than clicking on any link in a text message.
Set your delivery preferences for your FedEx package
It’s always a relief to be notified that the FedEx package you’ve been waiting for is delivered. However, it’s best to take a second before clicking on a text that’s supposedly from FedEx. According to CNN, the text messages show a supposed tracking code and link to “set delivery preferences.” The link directs people to a fake Amazon listing and then asks them to take a customer satisfaction survey, after which they’re informed that they won a free gift. Wonderful, right? All they have to do is put in their personal and credit card information—now what could go wrong with that? “FedEx does not request, via unsolicited mail, text or email, payment or personal information in return for goods in transit or in FedEx custody,” FedEx said in a statement. If you receive a text of this kind, it’s best to contact FedEx directly to find out what’s actually happening with your package.
The bottom line: Don’t click any suspicious links
The links in smishing scams often lead to malicious code that can encrypt your files and lock your phone. If that happens, smishers essentially hold your phone hostage and will demand money in return for restoring your access to it. The code may even give them access to all of your personal online accounts. “The text component is important because a lot of accounts we have now are using a text code to authenticate you,” says Cobb. If the bank or Amazon asks for the text code they sent you to authenticate your identity, the hacker could intercept that code and access your account remotely. “It’s also a good idea to update your phone to the latest operating system,” says Cobb. “Most of the operating system upgrades for smartphones include security improvements.”
An additional precautionary step to safeguard your phone is to install a reputable app or software that’s made for mobile device protection. One such security solution is ESET Mobile Security for Android devices, which has an anti-phishing feature that prevents you from clicking on malicious links within a message. A spokesperson for ESET says, “A product like this is a good layer of security to have in case you are tempted to click, or the scam looks so legit that you don’t even think twice and intuitively click (as many do).”