We regret to inform you that your bank account has been suspended. Update your personal information at login-bank.com.”

“Your Apple account has been locked due to unauthorized login attempts. Please log in here and verify your information. bit.ly.”

“You received 4 Bitcoins in your account. Register IMMEDIATELY to accept the transfer. www.goo.gl.” 

Have you ever received a text notification similar to one of the messages above? If so, then you have been the target of a smishing attack. 

What is Smishing?

Smishing is essentially the text message, or SMS (short message service), equivalent of phishing. Phisherman, or cybercriminals, send fraudulent emails that aim to persuade victims into opening an attachment or link that instantly downloads malware onto their computer. On the other hand, Smisherman send deceptive text messages that will trick victims into providing their personal information through links that could also install malware onto their smartphones. Because phishing is a decades old scam, more people have been able to successfully identify and avoid falling victim to it, forcing cybercriminals to develop a new, innovative way to scam innocent people: smishing. 

The Bait

More than a third of the human population uses smartphones today. Of those individuals the Pew Research Center found that at least 70% of cellphone users prefer sending text messages over making phone calls. That means the bait is already in your hands. 

There are several reasons why smishing is so effective. First, smartphone users usually use their phones when they’re on-the-go and distracted, which makes them less alert and more susceptible to a cyber-attack. Additionally, most smartphone users don’t think that their phones can be infected by malware, so they fearlessly venture onto dangerous websites assuming they pose no threat. In reality, though, no mobile operating system is equipped to protect your device from these types of attacks. Apple and Android users alike must beware of suspicious links because they can and will pose a threat to their security!

The Smisherman 

Like with most scams, these cybercriminals want to steal your money. They obtain it by convincing you to enter your personal data or by installing malware onto your device that can track every action you take on your smartphone, including each key your press as you enter your login information for any sites you visit. 

Beware Business Owners!

There is a new trend many business owners are adopting among their employees – “bring your own device” or BYOD. The more employees use their personal smartphones for work, the greater the risk to your company. For example, if an employee accesses your company’s secure data on their personal smartphone while under a cyberattack, the smisherman can easily steal your company’s money and personal data. Educate your employees on the tactics cybercriminals use and possibly reevaluate your company’s policies on the use of personal devices. 

How To Avoid Falling Prey to Smishing Attacks 

The easiest and best way to avoid getting scammed is by doing nothing at all. Do not respond to the messages and do not click on any links or phone numbers embedded in the message. 

Don’t store your bank or credit card information in your smartphone. If the thieves are successfully able to slip malware onto your phone, then they have access to any personal data recorded on your phone. But if the information isn’t there in the first place, they can’t steal it! 

Call your bank or merchant directly if you are questioning the legitimacy of the alert. However, note that no bank should send text messages requiring you to update your account. 

Be aware of phone numbers that don’t appear to be real phone numbers. Hackers usually use email-to-text numbers instead of their actual, trackable phone numbers. 

Report smishing attacks to the Federal Communications Commission (FCC). The more people that know about these kinds of attacks, the less people will fall for them!

If you think you have been the victim of a smishing attack, contact us. We can walk you through the process of reporting the theft and ensuring your personal information is safe.