While many people may be familiar with phishing emails that impersonate legitimate companies--and the need to avoid following any instructions within such messages--criminals have increasingly been sending phishing messages via text messages. In some ways, text-based phishing, sometimes called smishing or SMS phishing, is more dangerous than email-based phishing, as it exploits:
1. People's tendency to treat text messages with a greater sense of urgency than they do emails
2. The fact that many more people have spam and phishing filters on their email accounts than have similar software for their smartphone's inbound text messages, and
3. The fact that it is difficult on smartphones to check the validity of links (e.g., to a phishing site) before clicking.
So, how can you stay safe? Here are some tips:
1. Do not reply to text messages from unknown parties.
Do not send anything back--not questions as to the sender's identity, and not requests to remove you from their list. Criminals sending mass test messages learn from such responses that they have reached a real phone and are likely to send you phishing emails, spam, and other undesired communications.
2. Do not send private information via text messages.
3. Never reply to a message asking you to provide personal information.
If you suspect, for some reason, that such a message may legitimate--for example, if you are buying a house and your real estate agent texts you a question--contact the sender by calling him or her, and provide the relevant information after recognizing his or her voice.
4. Never change your password, issue a payment, or perform other sensitive tasks because you were instructed to do so in a text message.
Always verify by calling the sender and confirming on a connection on which you can recognize the sender's voice, etc.
5. Run security software on your smartphone.
Remember, your smartphone is really a pocket-sized computer constantly hooked up to an insecure internet, not simply a smart telephone.
6. Keep technology up to date.
Keep your phone's operating system and any security software on the device up to date--regularly check for new versions and install updates. Also, remember to install apps and updates only from major app stores.
7. Do not share your cell-phone number on social media or anywhere else online.
Sharing your phone number on social media gives criminals easy access to both your phone number and information about you--which, when combined, can help them orchestrate a smishing attack against you, your family, or your work colleagues. (Full disclosure: SecureMySocial, of which I am the CEO, offers patented self-monitoring technology that warns people if they are making inappropriate social-media posts, including sharing cell-phone numbers on social media.)
8. Never click a link sent to you via text message unless it is from a trusted sender.
Even in that case you may wish to manually type the link into a browser. In any event, if you do plan to click such links, always check the actual link sent to you to see where it really points before clicking it.
9. Check your phone bill.
Your monthly charges should be relatively constant. If they are not, make sure there is a legitimate reason for the change. Sometimes there are legitimate reasons for a phone bill to change--but sometimes it can be the result of mischief.