Security Update – What is Smishing and how to Protect Yourself
Text message or SMS phishing, called “smishing,” is when cybercriminals use deceptive text messages to lure people into divulging sensitive personal information that can be used to commit fraud. The cybercriminals often impersonate government agencies, banks, and credit card companies to lend legitimacy to their scam. These smishing messages create a sense of urgency by implying that an immediate action is required, or that there is a limited time to respond. The smishing message may contain a link that will prompt the user to provide confidential information such as usernames, passwords, and credit or debit card numbers; or may place malware on your device that can be used to intercept messages or quietly collect personal data in the background.
Security experts believe that one reason smishing is so effective is that users trust text messages more than phone calls or email. With the adoption of text messages for two-step authentication, where a verification code is sent to you, people are accustomed to receiving text message that require action from companies they do business with.
Follow these tips to help protect yourself from smishing scams:
- Do not click on links in unsolicited text messages. Clicking on the link may infect your mobile device with malware, or may lead you to a site designed to steal your personal information. If you receive a text message containing a link from a company you do business with, contact the company through a phone number or email you know to be authentic to verify the message you received is legitimate.
- Do not download apps via a text message. The app may be malicious and can be used to steal your personal information. Apps should only be downloaded from trusted app stores.
- Never provide your personal or financial information in response to a text message. Government agencies, banks, and other legitimate companies will not ask for personal or financial information like usernames, passwords, PINs, or credit or debit card numbers via text message. If you receive a text asking for such information, contact the company through a phone number or email you know to be authentic to verify the message you received is legitimate.
- Do not respond to smishing messages, even if it is only to text “stop.” Responding to smishing messages verifies that your phone number is active and that you are willing to open such messages, which can increase the number of unsolicited text messages you receive. Just block the sender and delete the message.
- Use the same safety and security practices on your cell phone as you do on your computer. Be cautious of text messages from unknown senders, as well as unusual text messages from senders you do know. Make sure that you keep your phone’s operating system, security software and applications up-to-date.
By following these tips, you can help protect yourself from falling victim to a smishing scam. If you believe that you are a victim of a smishing scam, contact the company or government agency that the cybercriminal is impersonating and immediately report it.