Smishing: The New Way to Phish

Earlier this week, we wrote about the rise in malware and Phishing attacks, but since then, there’s been an increase in attacks from phishing’s first cousin, smishing. The word smishing combines SMS, the primary format for text messaging, and phishing. Just like phishing, the attacker wants you to click on a link included in a text message to download malware to your phone, visit a malicious website, or call a fraudulent number. This is not just limited to regular text messages though. Other instant messaging platforms, such as WhatsApp, iMessage, and Skype, are also being used.

Most of these smishing scams focus on financial incentives, such as government checks or tax rebates, but don’t be fooled.

Protect yourself with these tips:

• If a message urges you to respond immediately or act quickly, STOP and think for a moment. Cybercriminals are banking on your rash decision to infiltrate your data.
• Do not click on links in messages – even if the message appears to come from someone you know. Hackers are crafty and can send smishing messages that appear to be any number they wish.
• If you get a message about one of your financial accounts, always do your research and verity its legitimacy. Don’t ever click on a link or call the number embedded in the message. Call the real customer service number of your financial institution and talk to a customer representative about it.
• The same goes for government agencies or companies you do business with. Look up the official contact number for the organization and call them to verify if the request you received is legitimate and needs to be acted on.

Most organizations, including Arkansas Federal, will never send requests via instant message. We also currently unaware of any legitimate business or government agency that will ask for sensitive information via an instant message.