Many services, from grocery pickup to credit score updates, offer notifications via text messages or short message service (SMS). Typically, these notifications are short, vague, and include a link—which makes them great for spoofing! Bad guys use fake notification messages for SMS Phishing, or Smishing attacks.
In a recent smishing attack, the bad guys spoof shipping companies and send multiple fake text message notifications. The text messages state that you have an urgent notification regarding the delivery of a package. Each notification includes a link for more information. Clicking this link takes you to a phony Google login page that is designed to steal any information you enter.
It can be tricky to spot smishing attacks, but like a traditional phishing attack, there are steps you can take to keep your information safe. Follow these tips:
- Think before you click. Were you expecting this message? When did you give this company your phone number? Did you sign up for text notifications?
- Be cautious of a sense of urgency. The bad guys send multiple texts and use words like “urgent” to try and trick you into impulsively clicking a malicious link.
Never trust a link in a text message that you were not expecting. If you think the notification could be legitimate, contact the company another way, such as by visiting their official website.