Tech 101 // Smishing
Tech 101 takes complex technical terms or topics and explains them in everyday, easy-to-understand terms.
Hello and welcome to today’s Tech 101. Now before we dive in too deep, let’s actually pause and look at a few scenarios for a moment. Let’s say you’re sitting there and you happen to get a text message and it actually sounds relatively urgent.
We’ve been getting a lot of these lately with the holidays and just overall phone usage in general, but it pops up on your phone that your bank account may have been temporarily disabled and click here to log in or verify your credentials. Or what I’ve actually gotten very recently was the United States Post Office is unable to verify your address. Please click here to update your address so we can deliver your package.
Now what we’ve just experienced is what is called smishing and that is today’s Tech 101 topic. So smishing actually is short for SMS phishing or pretty much text-based phishing. And it’s very similar to the idea we know with phishing, only instead of using it through email, it is done through your text message.
And let’s be honest, how often are you without your phone? And even if you have your phone, are you more likely to check your text messages or your email more frequently? So with an increase in text-based or SMS-based messaging, it only makes sense that now malicious actors are pursuing that as a new threat avenue. So smishing is one of the fastest growing malicious attacks. So how does it quite work? You see, most people are slowly getting to the point where we’re a little bit more cautious with our email.
We look at the sender, we look at the email address, we look at the details, the content, and if something doesn’t seem right, there’s a lot of clear signs. Now think about your text messaging. You get emojis, you start getting content that is just, I’ll be honest, I’m not a great typer on my phone.
So when I’m texting someone, there’s a good chance there’s some misspellings, some bad grammar, and because it’s done by text, that’s just kind of accepted. So a lot of the warning signs that we used to have for phishing or email-based attacks, really those red flags go away when we’re looking at smishing attacks. In a lot of other cases, because it comes to your direct phone, it feels more personal and it has an added sense of urgency.
I see this a lot because we’ve recently started communicating with our firm clients more by SMS instead of email, because as soon as they get that SMS, they want to resolve it, they want to fix it very quickly. And they respond much faster if we do SMS instead of email. So this is just one more way that these malicious actors are attempting to attack.
We read text messages more frequently. We get used to alerts and higher, faster warnings coming through text or SMS. And we typically respond because it does feel like it is a greater threat.
Now we’re seeing these growing in popularity. There’s a lot connected to banking. And this is why here, especially here with Financial Guardians, we’ve really been trying to push to stop using email and SMS or text-based multi-factor authentication.
The less that people are using your phone, especially as a text or email-based system, the more secure things are going to be. But right now, a lot of banks and a lot of financial institutions are seeing this as an added threat. We’re seeing this a lot with package delivery, because again, we’re very anxious when a package comes.
So there’s that sense of urgency again. It also is connected to account login and multi-factor warnings, as well as a whole myriad of other scenarios and attacks. So then I guess the real question is what happens if you do happen to click on or press on one of these links? And it could be quite a few things.
Because of the way mobile phones work, there is actually a small level of risk that you could be passing or sharing your credentials with a remote user. Again, that one is relatively low, but it is not non-existent. Beyond that, you could be triggering a download of malware.
There’s been a lot of attacks on both Android and iPhone-based systems with malware attacks. This is just one more especially easy way that that malware can get downloaded. It could also just prompt you to try to call or respond with personal information.
And especially because, again, it’s coming through a more intimate or personal connection, people are more likely to respond. All right. So again, a lot of the warning signs that we are used to are not quite there.
But things we want to watch for with smishing, we want to watch for unexpected messages. Don’t just take that text message verbatim. If it says you have a package waiting, go and double check with where you ordered the package from and see if there’s a problem on their website.
Every shipping organization now has websites where you can track. Go to the source and verify. Things that are just adding that urgent sense immediately, there’s a rush, there’s an alert, anything that has that is going to have an added concern.
Something generic like, hello there, or additional warnings. Every time I drive through McDonald’s, I have to laugh because I’ve noticed that my profile says valued customer is my name. So they actually read it that way in the drive-thru.
They’ll say, thank you, valued customer. But that’s a red flag. They don’t have your actual information.
They’re phishing or they’re smishing for it. So just be cautious to spot it with those items. And again, if you get that, double check before you press anything.
Double check before you click or forward. Go to the source and confirm it. Especially because at this moment, a lot of people aren’t putting protection on their mobile devices.
There is a lot of opportunity for reduced security when these people attack a mobile phone. Most people, still most, not all, have some form of protection on their laptop or desktop. Very few people have protection on their actual individual phone.
So smishing is a more advanced form of phishing that targets just your SMS or text-based messaging. It is more focused on urgency and personal connection. So these actually have a much higher press rate than a phishing or an email-based attack.
So please be cautious. And as always, if you get something you aren’t sure about, please share with us and we will try to help you diagnose. Otherwise, have a great day.
And thank you very much for watching.

Great reminder!