1. Home
  2. Security
  3. Security | Smishing is the NEW Phishing

Security | Smishing is the NEW Phishing

The following information contains a brief overview of Smishing and how you can protect yourself.

What is Smishing

Smishing is a phishing cybersecurity attack carried out over mobile text. It is a fraudulent practice of sending messages purporting to be from reputable companies in order to induce individuals to reveal personal information.

How to Protect Yourself

The potential ramifications of these attacks are easy to protect against. You can keep yourself safe by doing nothing at all. In essence, the attacks can only do damage if you take the bait.

  • Do not respond.  Even prompts to reply like texting “STOP” to unsubscribe can be a trick to identify active phone numbers.
  • Slow down if a message is urgent. You should approach urgent account updates and limited time offers as caution signs of possible smishing. Remain skeptical and proceed carefully.
  • Call your bank or merchant directly. Legitimate institutions don’t request account updates or login info via text. Furthermore, any urgent notices can be verified directly on your online accounts or via an official phone helpline.
  • Avoid using any links or contact info in the message. Avoid using links or contact info in messages that make you uncomfortable. Go directly to official contact channels when you can.
  • Check the phone number. Odd-looking phone numbers, such as 4-digit ones, can be evidence of email-to-text services. This is one of many tactics a scammer can use to mask their true phone number.
  • Opt to never keep credit card numbers on your phone. The best way to keep financial information from being stolen from a digital wallet is to never put it there.
  • Use multi-factor authentication (MFA).  An exposed password may still be useless to a smishing attacker if the account being breached requires a second “key” for verification. MFA’s most common variant is two-factor authentication (2FA), which often uses a text message verification code. Stronger variants include using a dedicated app for verification (like Google Authenticator) are available.
  • Never provide a password or account recovery code via text.  Both passwords and text message two-factor authentication (2FA) recovery codes can compromise your account in the wrong hands. Never give this information to anyone, and only use it on official sites.
  • Download an anti-malware app. These applications can protect against malicious apps, as well as SMS phishing links themselves.
  • Report. Report all SMS phishing attempts to designated authorities.

Tips On What To Do If You Become Victimized

Take these important actions to limit the damage of a successful smishing attempt:

  • Report the suspected attack to any institutions that could assist.
  • Freeze your credit to prevent any future or ongoing identity fraud.
  • Change all passwords and account PINs where possible.
  • Monitor finances, credit, and various online accounts for strange login locations and other.

Each of these steps has a substantial weight for your protection after a smishing attack. However, reporting an attack not only helps you recover, but keeps others from falling victim as well.

Updated on December 1, 2022

Was this article helpful?

Related Articles