Governments across the globe have created restrictions to help reduce the spread of COVID-19. These regulations change often and can vary by country, region, and even city. So, knowing exactly what is expected of you can be a challenge. It’s no surprise that scammers are taking advantage of all this confusion.
Cybercriminals are using text messaging, or short message service (SMS), to pose as a government agency. The message may say something like “you have been seen leaving your home multiple times and as a result you are being fined”. You are urged to click on their official-looking link to pay this "fine" online. By clicking this link, you’ll be taken to a payment page where you can give your credit card details directly to them!
This tactic is known as “Smishing” (SMS Phishing). Smishing can be even more convincing than email phishing, as it's easy for criminals to spoof their phone number to appear as though they're calling from an official source.
Here’s how to stay safe from this smishing attack:
- Think before you click. Scammers want to get under your skin. Not only does this message accuse you of ignoring regulations, but it also claims you have to pay a fine! Don’t give in to this tactic.
- Never trust a link in an email or text message that you were not expecting. Instead of clicking the unexpected link, open your browser and type in the official URL of the website you wish to visit.
- Stay informed during this confusing time by following local news, government websites, and other trusted sources.
Rise of “Smishing" attacks
Many services, from grocery pickup to credit score updates, offer notifications via text messages or short message service (SMS). Typically, these notifications are short, vague, and include a link — which makes them great for faking! Scammers use fake notification messages for SMS “phishing”, or “smishing” attacks.
In a recent “smishing” attack, scammers spoof shipping companies and send multiple fake text message notifications. The text messages state that you have an urgent notification regarding the delivery of a package. Each notification includes a link for more information. Clicking this link takes you to a fake Google login page that is designed to steal any information you enter.
It can be tough to spot “smishing” attacks, but like a traditional “phishing” attack, there are steps you can take to keep your information safe. Follow these tips:
- Think before you click. Were you expecting this message? When did you give this company your phone number? Did you sign up for text notifications?
- Be cautious of a sense of urgency. Scammers send multiple texts and use words like “urgent” to try and trick you into impulsively clicking a malicious link.
- Never trust a link in a text message that you were not expecting. If you think the notification could be legitimate, contact the company another way, such as by visiting their official website.