How to Spot "Smishing"

In Information Security terms, social engineering means “the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.”

According to a Brand Phishing Report by Checkpoint Security the first quarter of 2022 saw a dramatic increase in social engineering attacks. While phishing is more widely used via email, malicious actors are now taking it one step further using "smishing" – texting victims directly. The increase in attacks should remind us to be vigilant and aware when working with email and on smartphones.

• “Smishing” or SMS Phishing is a text sent to try and fool you into tapping a link or responding. Always block unsolicited text messages from numbers not in your contacts.

• Some messages may not even have links or attachments. These are messages trying to start a conversation to set a tone of trustworthiness before “the ask.” Don’t be fooled! Delete!

• If you've received a strange text or email from someone you know, always double check with a sender before opening, responding or following links in unsolicited emails. Don't assume a text is legitimate because it comes from a familiar phone number or area code. Spammers can use caller ID spoofing to make it appear the text is from a trusted or local source.

• Nearly all high-profile breaches begin with a click on a link or an opened attachment. When in doubt, throw it out! An email can always be re-sent!

Remember, Banks will never text or email you asking for personal information.

More Resources
Think you've fallen or a smishing scam? Report suspected smishing to the FCC and the FTC.

For more tips visit our Cybersecurity Center!