As time goes on, cybercriminals’ tactics grow in sophistication, making it harder for people to suspect and identify when they are being targeted. While email phishing and phone vishing are still commonplace, an effective tactic growing in traction is
smishing. Smishing is when fraudsters use compelling text messages to manipulate their victims into disclosing sensitive information, such as banking credentials, credit card numbers, or any other piece of information that can be used for identity theft. Many cybercriminals will even insert links into text messages that will download malicious programs to smartphones once they are clicked on.
It's imperative that you understand different smishing scenarios, so you can guard yourself against financial loss. Read on for common examples, and tips on how to thwart these schemes.
Examples of smishing
Scenario 1: Very similar to email phishing, cybercriminals will send a text message posing as an organization or institution, such as your financial institution, the IRS, or other government agencies. They may use urgent language, stating you must take action or risk severe ramifications. Their goal is to manipulate your emotions and elicit panic, so you are less likely to assess the situation logically and more likely to fall into their trap.
More often than not, they will include a link for you to visit, where you will then be asked to fill out forms and disclose personal information. These links can also be used to transfer malware onto your device.
Some key things to remember:
- Do NOT tap on links in a text message from anyone you do not know.
- Legitimate government agencies and financial institutions will not text you demanding private information. If you are ever suspicious of a text message, find the institution’s listed phone number and call to verify if they need anything from you.
- Do NOT reply to the text message; it will simply encourage fraudsters to engage with you further.
Scenario 2: Another common strategy used by cybercriminals is posing as brands and retailers in text messages. They may send texts stating you have won a prize, you can be entered to win prizes if you complete a survey, or changes have been made to a recent order you placed. Some even provide faulty tracking numbers and links so you can “track” your recent purchases. Common brands fraudsters try to spoof are Amazon, Fedex, Walmart, and Target (to name a few).
A key thing to remember in any smishing scenario is that
their overarching goal is to entice you. Whether that’s through evoking panic, or curiosity, they are aiming to curb logic and rationale so you will do what they want you to do.
Some key things to remember:
- Again: do not tap or click on any links in text messages from someone you do not know. This is crucial to remember in any scenario!
- Before you do anything, PAUSE. Have you made any recent orders? Does the phone number look strange? Do you regularly shop at these retailers, and if so, is this similar to communications these legitimate brands send out? Logically assess the situation as best as you can.
- Pay close attention to the URL in the text message. If it does not point to a legitimate URL for a brand, steer clear of it!
Scenario 3: Some smishing attacks are combined with vishing attacks, where cybercriminals employ the same manipulative tactics during phone calls. They may call you first, posing as an institution or agency, asking you to disclose private information. To make it “easier” for you, they will offer to send you a text message that you can reply to with the requested information.
In such cases, remember the aforementioned points: legitimate institutions will not reach out and demand private credentials and other sensitive information via phone or text message. If you are suspicious of a phone call or text message, hang up and call the listed number of the institution in question.
If you have been a victim of a smishing attack and your financial information has been compromised,
contact us immediately. Time is crucial when it comes to preventing or minimizing financial loss! Contact us at 505-889-7755 (800-347-2838 outside the Albuquerque area) or visit us at any of our branch locations.