What is smishing?
Cybercriminals are using text messaging, or short message service (SMS), to pose as an account provider, or other familiar businesses. The message may say something like “you have missed a delivery for your package”. You are urged to click on their official-looking link. By clicking this link, you’ll be exposing your information to them.
This tactic is known as “Smishing” (SMS Phishing). Smishing can be even more convincing than email phishing, as it's easy for criminals to spoof their phone number to appear as though they're calling from an official source.
It can be tough to spot “smishing” attacks, but like a traditional “phishing” attack, there are steps you can take to keep your information safe. Follow these tips:
Think before you click. Were you expecting this message? When did you give this company your phone number? Did you sign up for text notifications?
Be cautious of a sense of urgency. Scammers send multiple texts and use words like “urgent” to try and trick you into impulsively clicking a malicious link.
Never trust a link in a text message that you were not expecting. If you think the notification could be legitimate, contact the company another way, such as by visiting their official website.
If you received a call and are suspicious, contact the company another way to verify this, such as using the contact number on their official website.
Here’s how to stay safe from a smishing attack:
Think before you click. Scammers want to get under your skin. Not only does this message accuse you of ignoring regulations, but it also claims you have to pay a fine! Don’t give in to this tactic.
Never trust a link in an email or text message that you were not expecting. Instead of clicking the unexpected link, open your browser and type in the official URL of the website you wish to visit.
Be cautious of a sense of urgency. Scammers send multiple texts and use words like “urgent” to try and trick you into impulsively clicking a malicious link.
Rise of “Smishing" attacks
Many services, from grocery pickup to credit score updates, offer notifications via text messages or short message service (SMS). Typically, these notifications are short, vague, and include a link — which makes them great for faking! Scammers use fake notification messages for SMS “phishing”, or “smishing” attacks.
In a recent “smishing” attack, scammers spoof shipping companies and send multiple fake text message notifications. The text messages state that you have an urgent notification regarding the delivery of a package. Each notification includes a link for more information. Clicking this link takes you to a fake Google login page that is designed to steal any information you enter.