You may have noticed that the use of text messaging by those other than friends, family, and colleagues has increased.
Retailers like Shoe Carnival, World Market, and others urge shoppers to sign up for SMS communications in order to get a sale price. People also often sign up when ordering online to get shipment notifications via text.
Why the move to SMS? It’s because the email inbox has become so bloated. Retailers can get a better response when sending a text rather than an email that might get buried under multiple others.
Bypassing the email inbox isn’t only being used by retailers and service providers. It’s also being used by cybercriminals that send out phishing attacks.
A phishing attack via SMS (aka “smishing”) can be much more potent than one received by email. Here are some of the reasons:
- People aren’t expecting phishing by SMS (less than 35% of people know what Smishing is)
- You can’t easily hover over a link in a text message
- People don’t know the number that legitimate texts should be sent from
- Smartphones often don’t have an anti-malware app installed
With SMS phishing attacks skyrocketing, it’s important to know the types of scams that you should be on the lookout for.
Smishing Attacks You May Receive
“Problem with Delivery”
It’s easy for a smishing message to fool a person when it doesn’t stick out too much. For example, many people now get delivery updates via SMS that they’ve signed up for when ordering something online.
This smishing scam purports to be one of those legitimate shipping updates from a company like FedEx or UPS. It will state that there is a delivery for you, but more information is needed or possibly a small fee of a few dollars.
People often fall for this and end up providing personal details and/or their payment card number to the scammer.
Positive COVID Contact Scam
This next smishing scam uses the threat of the pandemic as a ruse. It will state that the person has been in recent contact with someone that tested positive for COVID-19. The message will provide a link for steps to take.
People will often click the link, not realizing that smartphones are just as susceptible to phishing sites that inject malware as PCs are.
Bogus Service Appointment
Scammers can get all types of information online to make their attacks more effective. For example, if an installation of new internet service is happening in an area, then most likely there is news about it somewhere online, on a news site or a Facebook post.
This next scam uses that type of information to target people that really have signed up for installation appointments for a new service.
In a South Carolina neighborhood Facebook group, one resident reported getting a text to confirm details of his appointment to install AT&T’s new fiber internet. The same fiber that had just been installed in the neighborhood over the last month.
The savvy neighbor saw that the SMS was asking for information he had already given to AT&T when setting up the appointment for real. But many people could easily fall for this because it piggybacks on a real event happening in their lives.
Text Message from Your Own Phone Number
People are reporting getting text messages from their own phone numbers. This can be unsettling and curious. Some recipients may wonder if they’re tied to some task or reminder app that they set up without realizing it would send an SMS.
This scam is possible due to spoofing software that scammers use to mask the real number they are sending from and use your number instead. This is similar to how scammers can mask their email addresses and spoof another when sending phishing emails.
“Thanks for Your Payment. Here’s a Free Gift”
One SMS phishing scam that has been making the rounds uses the lure of a free gift to get the person to click a link to a dangerous phishing site.
The text message starts simply with, “Thank you for your recent payment.” Many people will have made some type of payment online recently, and may even get real payment confirmation texts throughout the month.
Remember, scammers often try to mimic real communications that we are used to seeing.
The second part of the message is an offer. It states, “Here’s a free gift for you” or “Claim your free gift.” It then includes a link. This is designed as a lure for people that think they may be getting some type of reward from a company they do business with.
Are Your Work Smartphones Properly Protected?
How protected are the mobile devices employees use to access email, data, and business apps? Quantum PC Services can help your Sturgeon Bay area business with a mobile device security plan to help fight mobile-based attacks.
Contact us today to learn more! Call 920-256-1214 or reach us online.