Beware of “smishing,” the text-based form of phishing
It's Cybersecurity Awareness Month, and a good time to become aware of "smishing," which is a word blend of "SMS" (short message services, also known as texting) and "phishing." When cybercriminals "phish," they send fraudulent emails that aim to trick the recipient into opening a malware attachment or clicking on a malicious link, and they “smish” when they try to engage potential victims in the same way via text messages.
According to Experian, smishing is a growing threat, with more than 11 billion spam texts sent in March 2022 alone, according to anti-spam app Robokiller. In 2021, 87.8 billion smishing attacks resulted in $10 billion in estimated consumer losses—a 58% year-over-year increase in spam texts.
Security professionals suggest that you take these precautions to avoid becoming a smishing victim:
- You should regard urgent security alerts and you-must-act-now coupon redemptions, offers or deals, as warning signs of a hacking attempt.
- No financial institution or merchant will send you a text message asking you to update your account information or confirm your ATM card code. If you get a message that seems to be from your bank or a merchant you do business with, and it asks you to click on something in the message, it's a fraud. Call your bank or merchant directly if you are in any doubt.
- Never click a reply link or phone number in a message you're not sure about.
- Look for suspicious numbers that don't look like real mobile phone numbers, like "5000". These types of numbers link to email-to-text services, which are sometimes used by scam artists to avoid providing their actual phone numbers.
- Don't store your credit card or banking information on your smartphone. If the information isn't there, thieves can't steal it even if they do slip malware onto your phone.
- Refuse to take the bait—simply don't respond.
For more cybersecurity best practices, read “Top 9 Cybersecurity Habits to Adopt Today,” in the UC Davis Knowledge Base.
#BeCyberSmart