Cybersecurity threats continue to climb in 2021 and SMS-Based Phishing or Smishing has risen quickly hitting #2 on the top cybersecurity threats in 2021. At first glance, it may appear smishing falls under the general “phishing” category, however there are several key differences.
While general phishing often occurs online through emails or web browsing, smishing occurs through SMS text messages on your phone. The attacker sends an SMS text message to a user’s phone. Opening the text message itself doesn’t start the attack, but the message contains a link. If the link is clicked, it begins the attack.
Attackers are adding smishing to their portfolio due to the controls many organizations have implemented. Many email programs, such as Google and Microsoft Outlook detect phishing emails and label them as spam. This means the average email user doesn’t even notice most phishing attacks. However, anyone can still get a text message and open a bad link.
Common smishing attacks include:
- A message from your bank asking you to enter your social security number.
- A delivery carrier asking you to schedule a package delivery.
- Other organizations asking you to click a link or give information.
How to avoid smishing attacks:
- Never open a link in a text message. Banks and businesses do not ask for information via text.
- Watch for misspellings or generic language. Like phishing, smishing often contains generic language like “dear customer, sir, or madam”.
- If you think the message is legitimate, call the business directly or go to your online account to give the information.
- Ensure you’re on the Do Not Call Registry. While the Do Not Call list is not foolproof, it will dramatically cut down on unwanted calls and text messages.
- Use the spam reporting feature in your messaging client if it has one, or forward spam text messages to 7726 (SPAM). After reporting the spam be sure to block the number.
For more information, visit NCB's Financial Education Center and visit the module on Identity Protection.