Imagine that you’re out running errands, perhaps pushing your cart through the aisles of your favorite grocery store. Your pocket vibrates. You reach down to see that you have a new text message with alarming content: An unknown sender, claiming to represent your bank or credit card companies, tells you that your account has been compromised. Immediate action is required.
Needless to say, a text like this can be cause for concern. But before you panic, take a deep breath and read through the message again. Chances are that your accounts are perfectly safe. The message is simply an attempted smishing attack, meaning all you really need to do is delete and then forget it.
What is Smishing?
Smishing is another way of explaining phishing over SMS, or text messaging. It refers to cyber criminals who pretend to represent a bank, credit card company, or other reputable organization, seeking to earn your trust simply so that they can collect your personal information.
Smishing attacks usually implement strong emotions, like panic or fear, to try to elicit an immediate response. This tactic is invoked so that you will open a link, send a response, or otherwise reveal personal information before you really have time to stop, think, and realize that the messenger isn’t who they claim to be.
The impersonation of known or reputable figures is a key element of smishing, lending a false sense of legitimacy to these messages. And because smishing attacks have become fairly sophisticated, it’s crucial to know how to identify them.
3 Ways to Identify a Smishing Attack
If you receive a text that you think is suspect, there are three basic steps you can take to ascertain whether you should follow-up, or simply delete it.
1) Know your texting preferences.
First and foremost, simply ask yourself this question: Have you enabled text communication from your bank, lender, or credit card company? If not, then any texts you receive that claim to be from these organizations will surely be fake.
Reputable financial institutions will not try to contact you through channels that you have not authorized or approved of. So, confirming your text preferences can be a quick way of weeding out smishing attacks.
2) Assess the tone of the message.
While something like credit card fraud is certainly serious, legitimate financial institutions will not use scary tactics or try to manipulate your emotions. They will always maintain a measured and professional tone.
If the tone of your message feels like it’s trying to make you freak out, that’s usually a good indication that it’s smishing.
Related: Reputable banks and credit card companies will carefully proofread their messages. Spelling errors and grammar mistakes almost always indicate smishing.
3) Google the phone number.
If you get a text from a number that you don’t recognize, simply feed it into a Google search. If it’s a legitimate phone number, linked to a real bank or credit card company, then it will surely show up on the first page of your search results, pointing back to the institution in question.
In other words, if you receive a text message that claims to be from Wells Fargo (just as an example), typing that phone number into a Google search should bring up WellsFargo.com right away. If it doesn’t, that’s a sure sign of an attempted smishing attack.
Be Vigilant Against Cyberattacks
Smishing and other types of cyberattack can have disastrous consequences, but vigilance can help you steer clear of them. With any questions about maintaining cybersecurity, reach out to BlueArmor today.