Text or scam? How to avoid smishing

smishing text screenshotHave you ever gotten a text message, like the one shown on the right, that you weren’t expecting?  

In 2023, hackers will still try anything to get someone to click on a link. Look how official it is! Ups-tracking is in the website URL, it has the UPS logo, and it is attempting to instill a sense of urgency. Do you feel like you need to click on that link right away?

This is what we call a smishing attack. Smishing, short for "SMS phishing," is a type of social engineering attack where attackers use text messages to trick recipients into taking a specific action. This action could be clicking on a malicious link, downloading a rogue app, or providing sensitive information like passwords or credit card numbers. 

Smishing is particularly dangerous because people tend to trust text messages more than emails, making them more susceptible to falling for the scam. 

The attacker crafts a convincing SMS message, often with a sense of urgency. The message usually contains a link or asks for sensitive information. They then send the message to as many numbers as possible. If an unsuspecting person clicks the link in the email, the hacker can ask them for important information, get them to take some action and in some cases even take control of their phone. 

For example, earlier this month, Apple released a critical update to fix a bug that would allow a remote attacker to access your phone just by clicking on a link you received in a text. These bugs come out regularly for Android devices, Windows computers and yes, even Apple phones and computers. There are countless hackers waiting for the bugs to come out so they can trick people into giving them personal information or access to their phones and computers.

From there, they can get access to passwords, banking and tax information, credit card numbers, Apple Pay/Venmo/Cash App, etc. People fall victim to this every day.

So what do you do?

Don’t click on links that you aren’t expecting, even if it is something that tells you how important it is. Validate by logging into an app or website directly. 

Use multi-factor authentication. Set up your bank account to send you a code. Last year, we had an article called “That annoying extra login step can save you time and money.” Guess what? It’s still true.

Keep your eyes open for cons. The terms phishing, smishing and social engineering are just trendy names for cons. Hackers can be savvy con artists. Don’t fall for their tricks! And if it sounds too good to be true, it is. 

Also, update your phones and computers. Do it today. Or better yet, set it to auto update so you don’t have to worry! 

By Jerry Patterson, Director of Information Security, and Bob Penn, Senior Security Administrator

October is National Cyber Security Awareness Month, a global effort to help everyone stay safe and protected when using technology. Visit go.rowan.edu/ncsam for more security tips and information.