Beware of Spam Text Messages (Smishing)

Last month, we outlined some helpful ways to identify phishing email attacks, including egregious grammar errors, strange domain alterations, and suspicious links or attachments.
But it's imperative you remain just as vigilant when it comes to spam text messages, as well. 
smishing text messages



the fraudulent practice of sending text messages purporting to be from reputable organizations in order to convince someone to reveal personal information, such as credit card numbers or passwords. 
In 2020, the FBI reported that 'smishing' attacks resulted in Americans losing more than $50 million.
Today's hackers are smart. They're not only innovative and tech-savvy, but they're extremely adept at using social engineering techniques to manipulate people into divulging confidential information.

Smishing attack targeting Android users 

It's best to always be cautious whenever receiving text messages from random numbers - especially if they're claiming to represent a bank. According to BGR, a dangerous and complex Android smishing scam is jeopardizing the safety of bank accounts. 
Brazilian Remote Access Tool Android (BRATA), a malware that initially targeted users in Brazil via Google Play has now made its way to Spain and the United States. The scammers behind BRATA are using the malware to steal financial information from Android users and then drain their bank accounts. 
First, purporting to be a bank representative, the BRATA hackers will send an SMS text message that links to a website. If the user clicks the link, the site will immediately prompt them to download an anti-spam app, in addition to an alert stating a bank operator will contact them shortly to discuss the download further. 
If the victim enters in their information, they'll receive a call from an actual person - a real-life hacker - and they'll attempt to sway them into downloading the BRATA malware through social engineering. If they are believable and the app is downloaded, the hacker will have full control of the victim's phone and be able to uninstall antivirus applications, modify settings to get more privileges, and access bank accounts. 
In the first six months of 2021, smishing attacks have increased by nearly 700% (ITPro). 

Preventing smishing text message scams 

Whether smishing or phishing, the sender of the message is out for your information. They'll pose as a trusted source (like a bank) or acquaintance and tell you that urgent action is needed to resolve a problem, avert a serious threat, or accept an award. 

Though email remains extremely popular, especially within the workplace, only 20% of emails are opened. However, 98% of all text messages are read and 95% of those texts are responded to within 3 minutes of being delivered (SMS Comparison). 

Here are some tips to keep in mind to avoid falling victim to spam text messages and fraudulent app downloads: 

  • Know the signs -- smishing messages will typically include:
    • a strange-looking link or downloadable file
    • messages coming from numbers that contain unusual characters 
    • an urgent request for you to verify personal information
    • the name of a bank or brand you're familiar with
    • congratulations on winning a contest you've never entered. 
  • Keep your phone's software up to date -- Updating your web browser and phone's software can ensure many of these smishing attacks get blocked by iOS, Android, Chrome, and Safari. 
  • Stick to official app stores -- Though a recent UltimaSMS scam affected the Google Play Store, Google's security team removed all the fraudulent apps. Other play stores, however, aren't as vigilant. And unfamiliar sites prompting downloads are often home to hoax apps. 
  • Never give away personal information -- Whether it's responding to a text message, talking over the phone, or logging into a site you think you're familiar with... If you're not 100% sure you're dealing with a trustworthy person, site, or developer, don't enter or give away sensitive information. Ever. 
  • Report spam texts right away -- Keep in mind, just receiving a smishing text won't cause any damage, but to avoid further issues down the line, it's recommended to forward a text message hoax to SPAM (7726). 

When it comes to smishing, phishing, and everything in between, you should always trust your gut. Whether it's downloading a strange app, receiving a questionable call/email/text, or talking to a "reputable contractor" in your front yard, if you have a bad feeling, don't make any further moves. Stop, reevaluate, and do some quick research. If it seems too good to be true, it probably is. Conversely, if it feels like a scam... once again, it probably is. 

Email Marketing Mobile Tips  

No comments