Phishing Moves to SMiShing

Cybercriminals are increasingly targeting you through your smartphone. Attackers send texts that trick you into doing something against your own best interest. This type of security attack is called SMiShing, short for “SMS phishing” trick the target into downloading a Trojan horse, virus or other malware onto their cellular phone or other mobile devices or trick the target into revealing their password, ID or similar private data.  At the moment, there is a mystery shopping scam going on, starting out with a text invitation, asking you to send an email for more info which then gets you roped into the scam.

A few past SMiShing examples include:

• Dear customer, Bank of America needs you to verify your PIN number immediately to confirm you’re the proper account holder. Some accounts have been breached. We urgently ask you to protect yourself by confirming your info here.

• Beautiful weekend coming up. Wanna go out? Sophie gave me your number. Check out my profile here: [URL]

• Your entry last month has WON. Congratulations! Go to [URL] and enter your winning code – 1122 – to claim your $1,000 Best Buy gift card!

If you get a suspicious looking text and it asks you to urgently confirm information:

  • Delete the text
  • Do not reply – even to say Stop Texting or Leave me alone. You are only confirming they have a valid number
  • Practice good password behavior; do not reuse the same password and use 2-step verification whenever possible

Always, when you get a text, remember to “Think Before You Tap”, because more and more, texts are used for identity theft, bank account take-overs and to pressure you into giving out personal or company confidential information.  Here is a short video made by USA Today that shows how this works: