What is smishing?
Smishing (SMS Phishing) is similar to email phishing scams but done through SMS messaging or other messaging apps. This type of cyberattack relies on exploiting your trust rather than using technical methods. These attacks are aimed at stealing your personal data to commit other crimes, often stealing your ( or your company’s) money.\
What does smishing look like?
There are a couple of common methods used in smishing attacks.
Fake Websites: Clicking on a link in a smishing message may lead to a fake website that often looks like a legitimate website, where you are asked to fill in personal information. This information might include your password to the legitimate site that is being spoofed, your birthdate, or answers to security questions.
Malware: This method will ask you to click on a URL that automatically installs malicious software on your device. Sometimes it leads to an app download that looks legitimate, but its purpose is to collect sensitive information.
Common themes for these messages may say things like:
“Your payment has been declined”
“Your account has been locked”
“Your package couldn’t be delivered”
“Invoice for_____”
“Order confirmation”
You may also see messages telling you that you’ve won something or a message that looks like it comes from your banking institution.
How you can protect yourself:
Don’t respond to the message, and be skeptical of messages that appear to come from a friend you haven’t heard from in a while, or from someone you don’t normally text.
Look for odd wording, misspellings, and capital letters in odd places. These might indicate the attack comes from a non-native speaker.
Be wary of messages that are “urgent” or are asking you to take immediate action. Don’t click the link or call the number included in the message. For example, if you receive a message that appears to come from your bank, open a new tab and go directly to the site you know is legitimate, or call the customer service number on the back of the card to verify the claims.
If you have been a victim of a smishing attack, here are a few ways to report it:
For an IRS-related scam - https://www.tigta.gov/irs-scam-resources
FTC Complaint Assistant - https://reportfraud.ftc.gov/#/assistant?orgcode=IRS
FBI’s Internet Crime Complaint Center - https://www.ic3.gov/