Merry Christmas, and have a happy new year.
Stay safe. This is the prevalent part of the year for attackers of all sorts to look for an easy score. Easy can mean by phone, or online. When you're out and about, shopping, pay attention to your surroundings. Enable the security on your phones. Attacks come at the moment when you're most vulnerable.
We get comfortable walking around, in our virtual world, emailing and texting.
Texting leaves you vulnerable to scam attacks. The texts can come from people you know and also people you don't know. This is smishing. Scammers sending scam texts to individuals.
There are quite a few ways to acquire personal information from people. Some types are smishing, vishing, and phishing. Smishing uses social engineering to get personal information about someone using text messaging.
"Smishing is the fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers." (Languages.oup.com)
"These fake texts are an attempt to get your personal information by pretending they come from sources you know and trust, like your boss, the IRS, or a bank. Users should also report all spam texts to their wireless carrier for them to investigate. You can send any suspicious or spam messages to 7726 (which spells SPAM) if your carrier is AT&T, Sprint, T-Mobile, or Verizon." (Ryan Prejean, Help desk lead, IT support, Guardian Computer, New Orleans)
Some text examples of Smishing Attacks are: (msn.com)
- They've noticed suspicious activity or log-in attempts.
- There is a problem with your account or payment information.
- You must confirm personal information.
- You need to click on a link to make a payment.
- You're eligible to register for a government refund.
- You're being given a coupon.
- Your child is hurt and personal information needs to be sent for their treatment.
- You've been overcharged for something and you're being offered a refund.
- You've won a prize and you need to claim it.
- You have won $5,000. The prize needs to be claimed ASAP. Please reply with your bank information so we can deposit the money into your account.
- Your package has been lost. Please click here for more information: http://bit.ly/12345.
- Your IRS tax refund has been denied. Click here to file a review in 24 hours: http://bit.ly/$.
Smishing goals are:
- Gain personal information.
- Social security numbers.
- Bank information.
- Credit card details.
- ID theft.
- Steal bank account.
- Charge credit cards.
- Take out loans.
Similar to other online scamming activities, smishing is easy. The attackers execute smishing with a few phone numbers, and get valuable information in return.
"As technology becomes more advanced, the cybercriminals' techniques being used are also more advanced." (Phishing.org)
Attackers understand that people are used to text messaging. 95% texts are opened and read in 3 minutes. Only 20% emails are opened and read at all. Victims rarely reply. Theives like smishing.
The texts aren't easy to identify. The company's name isn't present. Short links are used; bit.ly. The smishing texts are labeled as urgent.
Smishing can be defended against by setting up SPAM FILTERS and BLOCKING UNKNOWN SENDERS in your text settings menus. Also, don't reply to them if they're suspect. Block the numbers. Keep them from using you in another attempt.
Immediate defensive actions:
- Change all of the passwords that are associated with the information you gave out.
- Contact the real company you thought you were texting to let them know what happened.
- Run a malware check on your phone to ensure the link didn't allow malicious code to be downloaded on your phone.
- Try Malwarebytes or Avast Antivirus.
- If you gave out bank or credit card information, contact the bank or credit card company to report suspected fraud.
- Cancel the card that is prone to attack.
- Find more ways to stop spam texts on an iPhone or Android.
Stay safe; remain cyber aware. (Consumer.ftc.gov). Personal information is valuable. It can get stolen. Protect it. There are lots of cyber scams out there. Some types are smishing, vishing, and phishing. Smishing uses social engineering to get personal information about someone using text messaging.
