Phishing is the practice of sending fraudulent messages or emails that pretend to come from reputable companies in order to get individuals to reveal personal information such as social security numbers, bank account numbers and passwords. In the past few years, the number of phishing scams has been increasing at an immense rate. According to the security firm Lookout, the rate at which enterprise users are falling for phishing attacks on mobile has increased by 85% every year since 2011.
Normally, we see many of these messages in the spam folders of our email accounts; however, over the years, the practice of sending those messages to mobile devices has increased, and many scammers have been successful in stealing individuals’ personal information. Because of the way we use mobile devices and the kinds of communications we send and receive, it’s easier for attackers to trick people into clicking or tapping on links that they shouldn’t. Messages sent by text or social media tend to be shorter, so it’s easier to craft a convincing message. Most of us also have our mobile devices with us 24/7, so we’re often more distracted when we receive phishing messages on mobile, which makes us less likely to apply the proper scrutiny. According to IBM, “users are three times more likely to fall prey to phishing on mobile, than they are on desktops.”
The main reason behind this is that your email has a spam folder in which the majority of fraudulent emails end up, while your phone has no equivalent folder for text messages. Your mobile device does not sift through your texts to see which are fraudulent and put those in a spam folder so that you know not to tap on malicious links.
What does it look like?
Cybercriminals always try to trap you into providing account information, such as a login name, password or credit card information, by getting you to tap on a link that takes you to a website.
In some cases, you’ll receive a text message with a sense of urgency:
“Dear customer, Bank needs you to verify your PIN number immediately to confirm you’re the proper account holder. Some accounts have been breached. We urgently ask you to protect yourself by confirming your information here.”
Sometimes, scammers try to capitalize on something timely, like tax filing season:
“IRS Notice: Tax Return File Overdue! Click here to enter your information to prevent being prosecuted.”
How to Avoid a Smishing Scam:
- Keep in mind that government agencies, financial institutions and legitimate businesses will never request sensitive financial information via text message.
- Don’t respond to unsolicited text messages or click on any links in them. Links can install malware on your mobile device and take you to spoofed websites that look authentic. Immediately delete the suspicious message from your phone.
- Stay alert to anything marked as “urgent” or requesting that you “confirm” anything or take some kind of specific action “immediately.” Don’t fall into the scammer’s trap of a false sense of urgency.
- Use PhishPro Campaign to test your employees’ phishing awareness within a safe environment. If users are exploited in the PhishPro Campaign, it is the right time to raise phishing awareness among all employees through PhishPro’s complete security awareness training. For more information about PhishPro Campaign, contact us at firstname.lastname@example.org.
- If you’re concerned that your financial institution or another legitimate company is trying to contact you, call the organization directly after looking up the correct number. Check the back of your credit or debit card for a number to your credit union or bank or get the organization’s number online. Do not visit the website or call or text a phone number that the text message provides.
- Consider using anti-virus/antimalware software on your mobile phone.
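Because phones do not sort suspicious texts into a spam folder, the red flags in the list above (requests for sensitive information, links, and "urgent"/"confirm"/"immediately" wording) can be turned into a simple triage check. The following is an added example, not part of the original article or of any PhishPro product; the patterns, weights, threshold and the sample messages (modelled on the two texts quoted earlier, with an example.test link) are assumptions for illustration.

```python
import re

# Red flags from the checklist above. Patterns and weights are assumptions
# chosen for illustration, not a vetted production filter.
INDICATORS = {
    "urgency": (re.compile(r"\b(urgent(ly)?|immediately|overdue)\b", re.I), 2),
    "confirm_request": (re.compile(r"\b(confirm(ing)?|verify)\b", re.I), 2),
    "sensitive_data": (re.compile(
        r"\b(pin|password|social security|account number|card number)\b", re.I), 3),
    "link": (re.compile(r"https?://\S+|\bwww\.\S+|\b(click|tap) here\b", re.I), 2),
}

THRESHOLD = 4  # assumed: at least two red flags must combine before flagging


def triage(message):
    """Return (score, sorted names of the red flags found in the message)."""
    hits = sorted(name for name, (pattern, _) in INDICATORS.items()
                  if pattern.search(message))
    score = sum(INDICATORS[name][1] for name in hits)
    return score, hits


def is_suspicious(message):
    """Flag a message once its combined red-flag score reaches THRESHOLD."""
    return triage(message)[0] >= THRESHOLD


# Constructed sample messages (not real traffic).
BANK_TEXT = ("Dear customer, Bank needs you to verify your PIN number "
             "immediately to confirm you're the proper account holder. "
             "Confirm here: https://example.test/verify")
IRS_TEXT = ("IRS Notice: Tax Return File Overdue! Click here to enter your "
            "information to prevent being prosecuted.")
OTP_TEXT = "Use 482913 to verify your login."  # legitimate one-time code
BOOKING_TEXT = "Your table for 4 is booked for 7pm tonight. See you then!"

if __name__ == "__main__":
    for text in (BANK_TEXT, IRS_TEXT, OTP_TEXT, BOOKING_TEXT):
        score, hits = triage(text)
        label = "SUSPICIOUS" if is_suspicious(text) else "ok"
        print(f"{label:10} score={score} flags={hits} :: {text[:45]}...")
```

A single red flag, such as the word "verify" in a genuine one-time-code text, stays below the threshold, while the combinations seen in the scam examples are flagged.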