By Terrell Headen, Special to The Carolinian
Have you received a text from a company you do business with, such as your bank, UPS, a mobile provider, or a tech service like Netflix or PayPal claiming your account has expired or been locked, that there’s been some suspicious activity or you missed a delivery and you need to provide personal information or click on a link to reactivate it? That gives the scammers means to steal your information, money or identity and to infect your device with malware.
The word smishing comes from combining SMS— for short message service, the technology behind texting — with phishing, the practice of stealing personal or financial information through deceptive communications, primarily emails. Basically, it’s phishing by another means, namely text messages on mobile devices.
Like phishing emails, smishing texts are scams that aim to manipulate victims into turning over sensitive data such as Social Security numbers, credit card numbers and account passwords or providing access to a business’s computer system. They rely on persuading you that the sender is a familiar or trusted source and that urgent action is needed to secure a benefit, resolve a problem or avert a threat.
Smishing is not new to the cybersecurity community nor its victims. It’s been seen for almost over a decade. Before COVID-19 trending of this form of attacks on mobile users were on a steady rise throughout 2019. Now mobile users are seeing a significant influx of these malicious text messages. Reports show a almost 30 percent increase since the lock down in certain areas around the globe. These scammers are using offers of COVID treatments, government health updates, access to stimulus funds and even warnings that you’ve been exposed to the virus to lure you in.
The goal of smishing attacks is to persuade you to open a link or download an app that collects personal information such as passwords for bank accounts, credit cards logins, social security information and more. Links may take you to a spoofed website that looks real but isn’t. If you log in, the scammers can then steal your user name and password.
This ruse tends to be effective because while most of us have learned to recognize phishing emails, we are still conditioned to trust text messages. Also, there’s no easy way for us to preview links in a text message like we can if we are viewing an email on a PC.
How do you protect yourself? Knowledge on phishing attacks and the different types is key to staying safe. Avoid clicking links within text messages, especially if they are sent from someone you don’t know. Be cautious when sharing your personal contact information such as email and mobile numbers. Contact your mobile provider to see if they have any spam calling software for download at your providers App Store.
You can also report spam and unwanted messages.
• Report it on the messaging app you use. Look for the option to report junk or spam.
• Copy the message and forward it to 7726 (SPAM).
• Report it to the Federal Trade Commission at ftc.gov/complaint.