Phishing is the scammer’s tool of choice, so it should come as no surprise that scammers are expanding their phishing toolbox.
When many of us think of phishing, we think of emails. Opening phishing emails could lead to anything from a barrage of adware to ransomware, in which your servers are held hostage until you pay some hacker to release them.
Now there’s a new type of phishing scheme to worry about. This one comes in one of the most innocuous and prosaic forms of cell phone communications — SMS messages.
Texts are the new phishing hole
Text messages have been around almost as long as cell phones. For years they were the best and easiest way to communicate with friends and family.
You didn’t have to sign in to an app, you didn’t need a computer and the words “unlimited text messaging” still sent thrills down cell phone users’ spines. Yes, the youngsters have moved on to WhatsApp, Instagram and Snapchat, but if you ever want to get a hold of someone under 30, text messages are still your best bet.
While text features have improved since the advent of smartphones, their essential mission remains the same — short messages to pass along photos, jokes or reminders.
But our sustained affection for text messages has created an opening for scammers. Aside from our families, we’re used to getting text messages from companies when we make monthly payments — like from our mobile phone carrier.
According to cybersecurity firm Sophos, that’s where the scammers get you.
You could receive a text with a link that looks to be from your carrier telling you something went wrong with your billing. To keep from falling behind on our bills, our natural response is to click the link.
You know better than that. If you know not to click unusual links in emails, why would you in texts? Granted, these texts aren’t threatening, filled with all caps and exclamation points and pledging to cut off your service.
The texts say, “please” and are fairly clean in terms of grammar and spelling. But pay close attention to the URL link. If something looks off, don’t click it — in fact, don’t click links at all.
But if you click on it anyway, you’ll end up on a spoof site that looks very much like your carrier’s site — HTTPS certificate and all. So you put in your user ID and your password and you’ve just handed over the keys to your account to a scammer.
What to do if you click
For whatever reason — it wasn’t a work email, it was on your own phone — you clicked. What do you do now? Sophos has these helpful tips:
- Change your password as soon as you can: If you think you just gave away your password by mistake, immediately go change it on the real site.
- Look for obvious mistakes in messages: Scammers are becoming more sophisticated in crafting their phishing emails and texts, but they still need to use bogus domain names and that’s your biggest clue something isn’t right.
- Don’t log in via links sent from outside sources: If you want to avoid spoof sites, don’t click on the text’s URL. Instead, bookmark each provider’s login page or use a password manager that ties passwords to specific URLs.
- Report phishing scams: Even if they didn’t snare you, think of those who may not be as tech-savvy. You can report potential cyberthreats — files, emails and URLs — to the FBI’s Internet Crime Complaint Center.
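The tips above about bogus domain names and password managers that tie passwords to specific URLs can be shown in a short check. This is an added example, not code from Sophos or Komando.com; the carrier host account.carrier.example, the sample links and the exact-host matching rule are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed for illustration: the host a password manager saved with the login.
SAVED_HOST = "account.carrier.example"


def normalized_host(url):
    """Return the lowercase host of an https URL, or None if it is unusable."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:
        return None
    if parts.scheme != "https" or not host:
        return None
    return host.rstrip(".")


def would_autofill(url, saved_host=SAVED_HOST):
    """True only when the link's host is exactly the saved host (assumed rule)."""
    return normalized_host(url) == saved_host


# Constructed sample links of the kind a billing text might carry.
SAMPLES = [
    "https://account.carrier.example/billing",            # the real site
    "https://account.carrier.example.billing-fix.test/",  # real name used as a subdomain
    "https://account.carrier.example@billing-fix.test/",  # real name placed before an "@"
    "https://account.carrier-example.test/billing",       # hyphen where a dot belongs
    "http://account.carrier.example/billing",             # not HTTPS
]


def check_all(samples=SAMPLES):
    """Pair each link with the autofill decision."""
    return [(url, would_autofill(url)) for url in samples]


if __name__ == "__main__":
    for url, ok in check_all():
        print(("FILL   " if ok else "REFUSE ") + url)
```

Only the first link gets the saved password; the others contain the real name somewhere in the URL but resolve to a different host, which is the clue the tips say to look for.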