What is Smishing?

Have you ever been sent a text message with a link or telephone number to call? Be careful! It could be an ID theft scam known as smishing. A link or telephone number often appears in the body of a text message telling you to click here or call a telephone number to win a prize. If you click on the infected link or call the telephone number, it may try to compromises your device with malware or ask you to input personal information. This is an example of a fraud technique called Smishing. You have heard the term phishing; this is phishing done by SMS text messages rather than an email, therefore, SMs phISHING.

How Smishing Works

The fraudsters send a text message with a website link or telephone number to call. They use winning a fake prize or that your account has been deactivated as the bait in hopes for a response from the potential victim.

If you click on the infected website link, it may download malware, which compromises your device or the website will ask you to input personal information such as, social security number, credit card type, credit card number, and PIN.

If you call the automated phone number that you are given, it will sound very official and will ask you to input personal information such as, social security number, credit card type, credit card number, and PIN.

The fraudster will use this information to duplicate a debit/credit/ATM card and beginning using it. The downloaded malware software may allow the fraudster to remotely control your phone and use your phone to access your banking information. Fraudsters can use the information collected to perform ID theft.

How to Identify and Avoid Smishing

  • Do not lend your phone to others.
  • Avoid clicking on links you are not familiar with.
  • Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain.
  • Protect your mobile device with a password and lock it when it's not in use.
  • Keep your mobile device in a safe location.
  • Be aware that fraudsters will continue to create fraudulent applications. Don't download applications onto your phone without checking them out first. Verify the legitimacy of an application by checking the app publisher or seller before downloading it to your mobile phone.
  • Do not modify (jailbreak) your mobile phone, it will make your mobile phone susceptible to an infection from a virus, trojan, or malware.
  • WPI Information Security is always available to answer any questions or concerns about smishing/text messages.
  • There is a handy tool that has been around since 1876, the Telephone. Use it to contact someone immediately, if necessary.