Delivering SMS “Smishing” Scams

Smishing is high up on the list of words that do not sound as intimidating or threatening as they should. Smashing the word fishing together with the “SM” for short messaging service (aka text), smishing is a cyberscam.

Especially with online shopping skyrocketing during the pandemic, delivery smishing has gained traction. Don’t fall victim to this type of cyberattack.

What does smishing look like?
You’ll get a text message that appears to be from a shipping company. You’re told you have a package coming, but that more information is needed to ensure delivery. You’ll squeal, “a package!” OK, maybe you won’t squeal, but you’ll feel the anticipation and click on the link to help deliver that package to your door.

You might already be expecting a package. After all, as recently as June 2021, PWC was describing a “dramatic shift” toward online shopping. According to its most recent consumer survey, in the last twelve months:

• 44% of those surveyed bought online using a mobile phone or smartphone;
• 42% used smart home voice assistants to shop online;
• 38% used a tablet for online shopping;
• 34% bought something online via PC.

So, you might not think twice about clicking on a link appearing to be from a major delivery service. Don’t do it!

What happens next?
You click on the link and are asked for personal information, even a credit card number or password. Otherwise, clicking on the link will download malware onto your phone. The bad guys use their access to snoop and/or send your sensitive data to its servers, without you knowing it.

The smishing scam is a global one:

• March 2021 saw a 645% jump in Royal Mail-related phishing attacks, equating to an average of 150 per week.
• UPS warns about this type of fraud on its website.
• FedEx has tweeted the reminder, "We do not send unsolicited texts or emails requesting money, packages or personal information. Suspicious messages should be deleted without being opened and reported to abuse@fedex.com."

Package delivery isn’t the only common smishing tactic either. You might also see:

• urgent messages saying your bank account is locked;
• a warning from your credit card company about a fraud alert;
• something promising that you’ve won a great prize;
• an unusual activity report from a company where you have an account.

 
All that would get your attention, right? So, what do you do about smishing? That’s covered next.

Protect against smishing
Avoid getting drawn in by the urgency or emotional appeal of the SMS. Don’t click the link, and don’t call the number in the message either. Instead, look through your bills or go online into your account for information on how to contact that company.

Reputable mail carriers and financial institutions won't send text messages asking for credentials, credit card numbers, ATM PINs, or banking information.

Look at the sender more closely. A message from a number with only a few digits was likely sent from an email address, which can flag that it’s a scam.

Also, don’t store personal banking or credit card information on your mobile phone. That way the criminals can’t access it, even if they do get you to download malware onto your phone.

You can help others to not fall victim to smishing as well. Report any attempts to your telecommunications carrier or your communications regulatory body.

For more helpful information on mobile security threats and how to protect your home network from cyberattacks,
contact us at 262-515-9499