Phishing attacks are something most of us are already familiar with – someone emails you and pretends to be someone you know, trying to persuade you to give them your personal or sensitive information. But have you heard about smishing attacks?
Smishing attacks are similar to phishing attacks but there is a difference – you receive the fake messages via text messages instead of an email. It is fairly easy to spot them – most of the time they use bad grammar and misspelled words, and the links, although similar, are different from the original websites (such as ama.zon.com instead of amazon.com).
Here are four very common missing attacks you should be aware of.
Messages about your bank account or credit card
A lot of smishing attacks are messages that look like your bank or credit card company trying to get you to click on a link or send them sensitive information. The message might be that your account is locked or that there has been a fraudulent purchase and you need to verify your identity.
Banks and credit card companies do send messages to their customers occasionally but keep in mind that legitimate messages never include links and that they would never ask for your personal information via text message.
Messages from trusted companies
A lot of companies and brands use push notifications to inform the customers about shipping progress or strange activity on the user’s account such as logging in from a different location. While businesses want their customers to feel safe, push notifications are an easier way for smishers to blend in.
Even if a survey is legitimate, most of the time it is unsolicited so it is a bit challenging to recognize a smishing attack in the form of a fake survey. But basically, a real survey would be prompted by something you did such as visiting a store or interacting with the customer service team.
Messages that you won something
It is great to receive a message that you won something but if it asks to click on a link to claim your prize, it is most likely a smishing scam. The rule is if you did not enter a competition, you did not win anything.
How to spot and prevent smishing attacks
As we mentioned earlier, smishing attacks are not that hard to recognize. Look for misspelled words in the text message, and always check if a link leads to a legitimate website. If the link is shortened, do not click on it.
You can always search on the internet for the number you got the text from – as you most likely are not the only one to receive the text message. And if the message is from a brand you know, but you are not sure if it is legitimate, you can always call their customer support team and request more information.
To prevent smishing attacks, you can use a VPN on your phone to spoof your location and install spam blocking apps.