It’s not me; It’s also NOT YOU!

Phishing is a form of cybercrime that involves impersonating a legitimate person or organization. The goal is to attempt to trick you into giving up your sensitive data, including passwords, bank account details, or credit card numbers. Phishing attacks can happen through various channels, such as email, phone calls, or social media. One of the most common and effective ways that hackers use to phish for information is through text messages, also known as SMS phishing or smishing. 

Text messages are a convenient and popular way of communicating, especially in the workplace. However, hackers can also use them to send you malicious links, attachments, or codes that can infect your device with malware, ransomware, or spyware. They can also use text messages to lure you into a fake website or app that looks like the real one, where they can steal your login credentials, personal information, or financial data. Bad actors can also use text messages to manipulate you into performing an action that benefits them, such as transferring money, buying gift cards, or disclosing confidential information. 

I want to share a recent example, where I received a text message from an unknown number claiming to be my boss. The message said, “Chris, I need you to work on an urgent project.” This message seemed plausible because it used my name, and my boss has in the past asked me to work on projects via text message. However, I was suspicious, because the number was unfamiliar and the message was very generic. I decided to contact my boss directly via a different form of communication; in this case, an email. I asked him if he sent me that text message, and he confirmed that he had not sent any message to me.  

When I received a second message from ‘the boss’ from a different number, I realized that his account was under attack. I immediately informed our Infosec Team about what I had discovered so they would know an attack was taking place. 

Something so innocent as a text message could have been disastrous, had I not recently attended a training session from eMazzanti Technologies that taught me to be vigilant about possible phishing attacks.  

To protect yourself from phishing attacks, here are a few tips follow 

• Before responding to any text message it is important to verify a sender’s identity. If you receive a text message from someone who claims to be your boss, colleague, friend, or family member, but you are not sure if it is really from them, contact that person directly via a different form of communication, such as a phone call, an email, or a face-to-face conversation. Do not reply to the text message or click on any links or attachments until you confirm their identity.

• If a text message is sent to you that contains a link, or a file, do not click on it, or open it. Look at the link or the file name carefully and see if it matches the domain name of the legitimate website or app that you are expecting, or if it has a relevant and descriptive name. If the link or the file looks suspicious, has a long and random string of characters, or has a generic or irrelevant name, do not click on it, or open it.

• Always use strong and unique passwords for your online accounts. If you receive a text message that asks you to log in to your online account, do not enter your password on the website or app that the link or the file directs you to. Instead, go to the official website or app of the service that you are using and log in there. Make sure that you use a strong and unique password for each of your online accounts, and change them regularly. You can also use a password manager to securely generate and store your passwords.

• Always report any phishing attempts to your IT department or other relevant authorities. If you receive a text message that you suspect is a phishing attempt, do not ignore it or delete it. Report it to your IT department or relevant authorities, such as your bank, your service provider, or local law enforcement. This way, you can help prevent other people from falling victim to the same phishing attack, and you can also help the authorities to track down and stop the hackers.

Phishing Attacks via text messages are a serious and growing threat that can affect anyone who uses a mobile device. Hackers can use text messages to impersonate your contacts, and try to trick you into giving up your sensitive data, infecting your device with malware, or performing another action that benefits them. To protect yourself from these phishing attacks, you need to be vigilant and cautious when you receive any text message. Always verify the sender’s identity, check the link or the file before clicking on it or opening it, use strong and unique passwords, and report any phishing attempts. Trained eMazzanti professionals can help you avoid falling prey to these phishing attacks, while keeping your security, privacy, and money intact.