Smishing Techniques You Should Watch Out For

You may have heard a lot of conversations, best practices, and tips on how to avoid phishing attacks through email. It's always a good idea to know how to spot phishing emails and other techniques hackers use to trick users. I would like to make you aware of one such technique called smishing, which is a scam that uses SMS messages that are sent to your cell phone.

Here are a few facts:

● Only about 35% of people know what smishing is.
● Millions of dollars are being lost as a result of smishing.
● Attacks by smishers have increased by 328% since 2020.

How does smishing work?

A random number will send a text message to your mobile as part of the smishing process. There will be a link in the message that you can click to access a phone number, email address, website, etc. Once you click on this link, your browser will take you to a website that contains malware or other harmful software that hackers can use to target you over the phone, through text messages, or through web browser interactions for your personal information and monetary.

What are the various kinds of smishing techniques that I should look for?

A text message from a Coworker or Manager

When you receive a random text message from an unknown number that is supposedly your co-worker or manager, your first instance is to jump to do the task that the ‘hacker’ asks you to do. The hacker may even send the text in an urgent tone using; quickly, asap, etc. to get something completed. They will then send a link for you to click on in order to do that specific job. Make sure that you are aware of the legit channels your manager or team uses to contact you at work. Additionally, keep key contacts safe: Do not respond to messages from unfamiliar numbers.

Warning of legal action

If someone receives notification that they are subject to a lawsuit, it creates a strong urge to find out more about the situation. Essentially, the text message will push you to call a phone number in order to obtain additional information about the legal matter. The hacker will then send a threat for arrest if the user does not contact them. If you see a message such as this, avoid calling the number and block the sender.

Tracking of a package

You may have received a text message from a vendor or business that is popular. This text message will state that you have a package and, where inserted, is a tracking code. The hacker will then send you a link and ask what your delivery preference is.

Notification that you have won something

While this strategy does not always fool many users, there are many people who are curious to see if they have won something. To elaborate, the hacker will send an enticing text message with a creative photograph to tempt users to click. Once the user is misled, the hacker will then ask the user to fill out personal information, such as credit card information, in order to receive money.

Paid Surveys

You may receive a text message from a recognizable company stating that you will be eligible to win a gift card, discount code, or money if you take a “quick survey”. Majority of the time, this is a hacker who wants you to send them your private information or log in credentials.

Do not be fooled by fake 2 Factor Authentication messages

Fake two-factor authentication (2FA) messages.

Hackers will send you a text message impersonating a website that you may use informing you that your account has been hacked and that you need to reset your password. The hacker will then request a 2FA verification code, stating that this is to ensure that your account is indeed yours. Sending a password or account recovery code through text message is never a good idea. Additionally, two-factor authentication recovery codes sent to your phone could compromise your account. As a result, do not distribute this information to anyone and only use it on legitimate websites.

Here are a few tips you should follow when interacting with a smishing message

• Block the sender
• Check with your bank provider on anything pertaining to your account
• Do not give out your 2FA code to anyone
• Check the phone number
• Be careful and slow down when reading “urgent” text messages

Overall, the Infiniwiz technical team takes a proactive approach to your network security. We set up the right IT protocols and help you put in place the employee procedures that will keep your data and network safe from online predators.