Internet scam artists are moving beyond your email inbox to target your text messages as well. “SMiShing,” also known as SMS Phishing, continues to loot information from busy and unaware consumers despite its relative maturity as a scam method.
Here’s what you should know about SMiShing and how to protect yourself:
SMiShing occurs when a fraudster leverages the text capability of most handheld devices to contact a potential fraud victim. SMS text messages in this context are designed to stun, threaten or trick a victim into submission so that they click on or respond to the information contained in the fraudsters “SMiSh text.”
Fraudulent text messages may direct the user to call a certain number for further assistance. They often contain hyperlinks that inject malware directly onto the victim’s cell phone, enabling the fraudster to take over the phone and all its contents. Ransomware could be a common element of this attack as fraudsters attempt to ransom the phone data back into the hands of the victim for a considerable fee. Additionally, two-factor authentication, if put into the hands of a criminal, provides unprecedented access to sensitive financial and medical logins because the fraudster can leverage the hijacked device to take over two-factor passcodes.
Fortunately, there are many warning signs that you’re being targeted. If you start to see unmarked, unusual or unknown text messages begin to target your device without any plausible reason, this is a huge red flag. Another sign that you’re being targeted is if the text messages contain hyperlinks along with urgent messages that indicate a stoppage of service to you if you do not comply (no legitimate business seizes service from you for lack of a response). A version of SMiShing could include voicemails that underscore a threat or pending unfavorable action if you don’t comply. Emails are also susceptible. If you begin to see emails that indicate that attempts are being made to access your device from an unusual location or IP address, beware!
How do you prevent SMiShing attempts on your cell phone?
- Use a variety of passwords and biometric options to protect important information on your device.
- Enable remote wiping and “find my device” options, and make sure you have the proper contact information for your service provider in the event you are unable to use your device to communicate.
- Do not store private information on your device like full passwords or login information.
- Cool heads and common sense always prevail.
- Payment cards are never “closed down” because you neglected to respond to a text alert. If you suspect foul play, the best idea is to call your card issuer directly for up-to-date information about your account status.
- The smartest thing you can do when a suspicious text message arrives is to delete it. Do not respond at all. If you are concerned that a business provider needs to reach you, then use your own phone to contact them using published contact information.
- Utility companies, municipal authorities and courts of law do not disseminate critical information via text. You are never in jeopardy of losing your freedom, electrical power or loved ones if you ignore a coercive text message. Again, a common-sense rule of thumb: If you were about to be arrested by a local authority, you would not be reminded of the impending consequences via text!
- Do not ignore system updates on your cell phone and handheld devices. The time constraints feel painful to most consumers, but the value in having the latest security patch updates on your device is well worth the small inconvenience of waiting for them to be installed.
Fraudsters will never stop working to perfect their dark arts through improvements to and variations of older scams. SMiShing is particularly inventive because of the blatant use of intimidation. Keep cool, stay alert, and proactively protect yourself with the steps described above – which are not nearly as bothersome as the unwelcomed delivery of fraudulent texts.