Less than 35% of the population knows what “smishing” is. Smishing is a dangerous new form of phishing that’s been running rampant. It’s when scam messages are sent to you via text message.
These messages are often brief and contain some type of link that you’re encouraged to click. The link can take you to the same type of malicious phishing site as an email phishing message can.
A smishing message might also pretend to be from a company setting up some type of appointment or government authority looking to approve you for a tax incentive program. These forms of SMS phishing will ask you for personal details that can then be used for identity theft.
Text-based phishing is a growing danger to business network security. We are all so connected through work apps and syncing cloud platforms that if one of your employees’ devices is infected with malware, it can quickly spread throughout your network, cloud storage, and other endpoints.
How big of a problem is smishing? In 2020, phishing via text jumped by 328%, and during the first half of 2021, it increased by nearly 700% more.
If you don’t address the fact that phishing is now coming into their mobile via text message with your employees, it could put you at high risk of becoming a phishing victim.
People tend to trust messages received via text more than those through email. Here are several types of text messages that everyone needs to watch out for because these are popular smishing attacks.
“Thanks for Your Payment. Here is A Free Gift”
One phishing scam does not identify where it comes from. It simply thanks the recipient for a recent payment and gives them a link to claim a free gift.
Most people will have made some type of online payment recently. They may have even signed up for SMS notifications from somewhere like a utility or insurance company. So, getting a “thank you for your payment” text might not seem strange.
But beware of the text offering a free gift. This is a common scam to lure you over to a phishing site.
“We Have a Delivery for You, But Need More Details”
People were already getting all types of packages in the mail before the pandemic. And the pandemic caused online shopping to skyrocket even more.
This is another scam that uses a common type of text someone may get from a legitimate service provider or retailer. This makes them suspect it less as a phishing scam.
It purports to have a delivery that needs more details so it can be delivered. This type of scam often collects personal details on a form that can then be sold. It may even ask the person to pay a small fee of a few dollars to get the “package,” with the goal being to steal their payment card information.”
Fake Installation Appointment Setup
This scam is pretty scary because it happened in conjunction with a real event. The fake SMS impersonated AT&T and stated it was to schedule an installation appointment for the company’s new fiber internet service.
The thing that makes this scary is that the neighborhood just had AT&T fiber lines installed during a month-long construction project. At least one person (and most likely more) that had actually signed up for the new service and were awaiting a real installation appointment received this smishing fake.
A few things that were “off” about the message alerted one careful homeowner, who confirmed the message was not from the internet provider. This just goes to show that a lot of details are available online these days that cybercriminals can use to trick you.
“There Was a Suspicious Login Attempt on Your Account”
Because password theft is so common now, many cloud services, like Google, Netflix, and others, will alert you if there are any sign-ins or sign-in attempts on your account that are from an unknown IP address.
Scammers use this to disguise this smishing message. It claims that you need to change your password to secure your account. If you click the link, it may take you to a page that looks exactly like the same sign-in page you’re used to. But the URL will often be slightly different.
COVID Contract Tracing Scam
Cybercriminals have taken advantage of the disruption of the pandemic. Milking it for every scam they can think of. In the early days, fake texts and emails offered masks, gloves, and other hard-to-find safety items.
Now that the pandemic has moved to a different phase, smishing attacks are using COVID contract tracing to strike fear into people. Messages will state that the recipient recently came into contact with someone that tested positive for COVID. It will then give a link to learn more information.
Is Your Extended Network Secure Enough?
Smishing scams coming into mobile devices is just the latest threat to corporate networks. AhelioTech can help your Columbus area business with a full IT security assessment and a roadmap for better network security.
Contact us today to learn more. Call 614-333-0000 or reach out online.