You probably now receive a lot more text messages today from companies that you did a few years ago. This is due to businesses trying to bypass full inboxes. Retailers have joined the trend and are urging customers to sign up for shipping alerts via SMS. The medical industry has also joined the trend with doctors and dentists sending out SMS appointment reminders.
These kinds of texts are beneficial to us consumers but as with anything there are bad guys hanging around waiting to trap unsuspecting users. Thus, cybercriminal gangs are also using text messaging to send out phishing messages.
Phishing by SMS is known as “smishing” and is becoming a major problem. In 2020, smishing rose by 328% and in the first six months of 2021, it skyrocketed nearly 700%! Phishing via SMS has become a big risk area that a lot of people aren’t aware of.
Popular Smishing Scams to Look Out For
As mentioned above people are not aware of smishing and often think that only those they have given it to will have their phone number. But this isn’t the case as like with email addresses, mobile numbers are available through both legitimate and illegitimate methods:
- Advertisers can buy mobile phone number lists online.
- Hackers expose personal details and then sell them on the Dark Web.
- Data harvesting websites.
It is important to understand that phishing email scams are evolving into SMS scams. These SMS scams may look different and be harder to detect but are still trying to get something out of the target (money, data, personal info etc).
One thing with SMS messages is that you can’t confirm the sender. For example, with email you can check the senders email address to see if it’s legitimate. With SMS’s how do you know that it is a legit number from the company it claims to be from?
Text messages also commonly use shortened URLs. These “short” URL’s mask the true address so you can’t confirm the website until you click the link.
To protect yourself, you need to be aware of what is out there. Here are some examples some popular phishing scams that you may see.
Example 1: Delivery Problems
These smishing scams purport to be from a known courier or delivery company such as FedEx or TNT. The message states that there is a package held up for delivery to you because there are extra fees or more details are needed.
If you click the link, it will then ask for personal information to be used for identity theft or for a small monetary sum to release a package to get your credit card number.
If you get a message with a delivery issue it is best to contact the company directly rather than clicking any links.
Example 2: Get Your Free Gift
The “free gift” scam is a text message that doesn’t say who it’s from, but just says something along the lines of “Thank you for your recent order. Click here for your free gift.”, with a link.
This is a widespread scam that many have posted about online. It is an example of a scammer using a common fact – that most people would have ordered something recently and mistake the text to be from a company they know. The free gift then lures people into clicking the link.
Example 3: Fake Appointment Scheduling
This is where you receive a text that purports to be a confirmation of an upcoming appointment. Since you haven’t made any appointments you text back and the scammers then ask for your personal details or to click on a link to cancel the appointment. Again if you receive one of these messages, delete it or if it lists a company name, ring that company to confirm the details.
Example 4: Receiving Texts from Yourself?
If you have not already received a text message that has your own phone number as the sender, then will probably receive one soon. This scam is causing confusion amongst receivers. Confusion is good for scammers as it often cause people to click a malicious link in a message to find out more details. Once you have clicked on the link a malicious program (malware) can then be installed on you computer and / or your personal information or credit card details requested.
Scammers can easily make it look like a text message they sent you is coming from your number via clever spoofing software. If you ever see this, it is a big confirmation sign that this is an SMS phishing scam. You should not interact with the message in any way and quickly delete it.
Does Your Mobile Device Have the Security It Needs
It is easy for a smishing scams to cause a user to click on a link and infect your device and subsequently your network with malware. Do you have the proper security precautions (mobile antivirus, DNS filtering, etc.) in place to help stop this?
If not, contact us and we can help!