The holidays are fast approaching and now is the perfect time for cyber thieves to ramp up their holiday SMS scam campaigns. Smishing (shortened from SMS phishing) is the most popular type of scam used by cyber thieves to steal your personal information.
Over Christmas, scammers have launched a holiday text scheme where they send fake links and claim they can be used to track packages. The texts will be disguised as the Canada postal service or other common shipping companies. Yet the deceptive text messages will give out your financial information to attackers if the links are clicked on.
During the first half of 2021, global reports of these scams climbed 270% compared to the same period in 2020. While the recent surge is aimed at consumers, those attacks can easily cross over to businesses, especially as many employees are working remotely and from their own devices, according to Proofpoint.
"Historically, spelling mistakes and suspect websites were tell-tale signs of a scam," she says. "Attackers are now increasingly more sophisticated and use social engineering techniques to trick," says Jacinta Tobin, global vice president of Cloudmark operations at Proofpoint.
An SMS scam as a phishing vector has become more popular because it is effective. Text messages have a 98% open rate, and 90% of messages are opened in the first three minutes! The click-through to an attacker's page is eight times that of email phishing.
Attackers are also using databases of stolen or purchased subscriber information to make the text messages more personal, adding first names and other details to make the text more convincing.
Consumers should look out for sneaky messages that may describe packages they did not order or transactions they never conducted. Mobile users should stay clear of downloading and installing software that they did not specifically request.
Businesses should be on guard as well. More than 60% of companies around the world, and according to the Government of Canada website since the start of the COVID-19 pandemic, Statistics Canada determined that more than one in three Canadians has received a phishing attack.
How do I spot a Smishing scam?
- Language that pressures you to act now
- Requests for personal information or for you to “verify” your password
- Winning a contest or an appointment opening you didn't ask for
- Spelling or grammar errors, design flaws, and links or email addresses that don’t seem right
- Don’t click the links
- Don’t download files
- Reach out to the sender by using the contact information provided on their official website or social media platforms— not by replying or clicking links on the message itself
If you liked this content, be sure to sign up for our Reis Tech Tips newsletter, which provides expert advice on cybersecurity and managed IT services, delivered directly to your inbox each week. Subscribe here.