Have you heard? There is a rising scam in town called "smishing." In fact, smishing is the new phishing.
Criminals are getting more creative by texting your mobile devices to obtain your most valuable data. Not to mention, your phone can be hacked without you knowing it.
Smishing stands for SMS phishing. It is a method of using SMS (text) messages to trick unsuspecting victims into taking a suggested course of action. Since many of us prefer text over email and phone calls, criminals are taking note and targeting our SMS inboxes.
You are probably already aware of the security risks around clicking on links in suspicious emails. Well, now, you have to be aware of the risks within your text messages.
In addition, attackers love smishing because they can use inexpensive apps such as SpoofCard and the BurnerApp to spoof a number to send you the ominous messages. Some of the most common risks include:
- Downloading malware which allows hackers to control your phone
- Visiting a malicious website
- Calling a fraudulent phone number
Some of the types of text messages you might receive are similar to phishing emails such as:
- Asking you to update your information to avoid account suspension
- Opting out of subscriptions
- Offering free vouchers
You can recognize smishing if it comes from a number that doesn't appear to be real, such as "0420" or "5000." Furthermore, the number is shortened to nine digits instead of 10. Plus, they can be difficult to block because they use spoofing software to change the numbers with each message.
Since people are ignoring their emails, scammers are turning to text messages. Moreover, criminals are using Flash SMS to send fake emergency and traffic alerts or to send one-time pass codes.
That's why you need to know how to protect your gadget from smishing scams. Keep reading and I'll tell you how.
Are you ready to protect your phone from smishing? Here's how:
Check the text to see if it plays to common fears
Since scammers are trying to get you to respond immediately and click on a link, they try to make their texts appear as urgent as possible. As humans, we all have our fair amount of fears. When confronted, we may even throw reasoning out the window.
This can be true despite understanding the risks. Listed below are a few common fears attackers will use as bait:
- Having your money stolen
- Family members getting hurt
- Accusations for a crime you didn't commit
- Something you don't want the public to know about
Here's the thing, scammers will also refine their scams based on response rate. So, if you don’t respond, they will start to lose interest.
If you receive a text message from a number you don't recognize, do not respond until you have verified the number. Don’t even write, “Who is this?” If the text appears to come from your bank, call your representative first before answering any questions.
It's just too quick and easy to respond to texts. Most of us can do so without blinking an eye. Yet, now is the time to be more cautious before replying.
Use the Text Alias feature
Most major mobile device service providers offer a Text Alias feature that lets you receive and send texts, but your recipients cannot see your actual number.
You can also give the alias to trusted friends and family members. Since attackers can't find your alias in a directory, it can cut down on the number of smishing texts sent your way.
Don't call a number left in a text message
Banks don't usually send text messages urging you to call them. The last thing you want is to call a fraudulent number that can turn your phone into a zombie, bending it to the will of your attackers. What you should do is contact your bank to ask them about their text messaging policies.
Normally, your bank will have an opt-out of text messages feature—as most businesses do. And, if you have opted out, you should not receive any texts from your bank or any other institution where you are a patron.
Personally, I often opt out of the text message feature just because I receive too many from friends and family as it is. I like to keep my bank's messages in email.
Install apps from official channels
Do not download apps from text messages. This may seem obvious, but you should only use the official app store, which has security features in place to protect you from malware and other threats.
If the text feels extremely urgent, then you can tell it is a scam. Legitimate businesses will always give you time to respond.
Do not give away personal or financial information via text message
Major companies will not ask for sensitive information through text messages. You should also block any suspicious numbers.
Although, you might have to block more than one. As a general rule, don't reply to text messages from numbers and people you don't know.
Use an antivirus and anti-theft app
At the very least, you should install a mobile security app. There are many valid filtering, antivirus and anti-theft apps available to protect your phone from malware and scams. Some of the more reputable companies include McAfee, AVG, Norton and Avast.
Now that you understand how smishing works, you are in a better position to protect yourself.