Smishing – short for SMS phishing, is the latest scam among cybercriminals seeking to steal your personal information. Most of us are familiar with email phishing scams - emails designed to look authentic and in most cases make users click a link redirecting them to a fraudulent site. In a similar fashion, smishing scams use your mobile device to trick you into clicking a malicious link.
Cybercriminals send text messages designed to look as though they are coming from a trusted source such as Comcast, Facebook, or your own bank. The scam uses a technique known as “URL Padding.” Messages contain a URL that might at first glance appear to be legitimate, but upon closer inspection is actually filled or padded with extra characters.
Smishing scams are easily fooling unsuspecting users, as most people tend to trust text messages. The texts appear to be authentic and in most cases create a sense of urgency. A message from your bank requesting that you verify your pin number to ensure you are the account holder might appear harmless, leading you to click the link included. Since these cybercriminals are trying to trick you into providing account information, the link will redirect you to a page that looks identical to the website you think you’re visiting. This is when you want to double-check the address bar. With a closer look you’ll notice the padded URL.
The best way to avoid falling victim to a smishing scam is to err on the side of caution. If you receive a text message asking you to verify account information, it is almost definitely a scam. Legitimate companies will never ask you to verify personal information through email or text messages.
If you are unsure, it is always best to contact the company yourself. For example, if a text asks you to click a link to verify Comcast information, instead of clicking the link inside the message, open your browser and type in Comcast’s web address yourself, or call the company to verify over the phone.
For more information about safeguarding your personal information online contact us. Crossroads consulting services can help you implement a system to avoid falling prey to these traps.