Verizon has renewed its warnings to customers about the threat of smishing, a social engineering approach that relies upon texts as opposed to other communication channels like the email used in phishing. The smishing problem may be smaller than the phishing problem, or the robocall nuisance, but it represents a comparable threat that organizations should address in their risk management process.
SMS texts can have an immediacy that exceeds that found in other communications. They tend to be quick, terse, and largely devoid of context. Fear of losing access to an account, concern to help someone who appears to be in trouble, all of these are easily prompted by texts and they can induce recipients to suspend, temporarily, their critical faculties.
Verizon offers a few common sense red flags
- “The message has no relevance to you. The message is completely random, unprompted and has no connection to you or any activity you’ve undertaken. The spam text message will say you’ve won a contest, a prize or free money. An increasingly popular text scam is one which says there’s a delivery issue with a package.”
- “The message is urgent or needs immediate action from you. The message is urging you to act now. These types of fake text messages could pretend to be your bank or a government agency.”
- “The text message contains misspellings or poor grammar. Spam text messages can be identified by poor grammar, misspelled words and awkward use of language. Real text messages from legitimate businesses will use proper grammar, punctuation and spelling.”
- “The text message is coming from a strange phone number or suspicious email address. If a text message is coming from a lengthy and/or suspicious looking email address it is a spam text message.”
- “The text message contains a suspicious link. This is a huge warning sign. If the text message contains a suspicious looking link, it is a text scam. Do not click on the link or follow prompts from these fake text messages.”
The point, of course, is to help users develop sound, skeptical habits. This is the sort of challenge that new school security awareness training can help organizations overcome.
Verizon has the story.