Be aware of “smishing,” a word blend of “SMS” (short messages services, also known as texting) and “phishing.” When cybercriminals “phish,” they send fraudulent emails that aim to trick the recipient into opening a malware attachment or clicking on a malicious link, and when they “smish,” they try to engage potential victims in the same way via text message.
How to Protect Yourself:
- Warning signs of a hacking attempt include urgent security alerts and you-must-act-now coupon redemptions, offers or deals.
- No financial institution or merchant will send you a text message asking you to update your account information or confirm your ATM card code. If you get a message that seems to be from your bank or a merchant you do business with and it asks you to click on something in the message, it could be fraud. Call your bank or merchant directly if you are in any doubt.
- Never click a reply link or phone number in a message you’re not sure about.
- Look for suspicious numbers that don’t look like real mobile phone numbers, like “5000.” These types of numbers link to email-to-text services, which are sometimes used by scam artists to avoid providing their actual phone numbers.
- Unless you regularly communicate with them via text, senior leadership will likely never contact you via text message for urgent matters. You should also have these numbers in your contacts. Urgent communications should be a phone call.
- Be sure that the person texting you is who they say they are; is the phone number and area code correct, or has the imposter claimed to have received a new phone number?
- Refuse to take the bait – simply don’t respond and block the number.
If you want more information on “smishing,” the U.S. Department of Health and Human Services has videos and workplace documents about these social engineering campaigns.