Hackers are taking phishing schemes to a whole new level. Rather than sending an infected email, or prompting you with a pop-up, hackers are now sending phishing texts to your smartphone. And because anyone can send you an SMS, it’s very difficult to stop them.
Text messages come in a few varieties:
The first are messages you receive from someone in your contact list that you are actively connecting with. For example, a family member or a friend asking you “what time is dinner tonight” or a colleague confirming that they’ve sent information over to a client.
On the opposite end of the spectrum are text messages that are clearly spam. These messages come from unknown numbers and are generally ripe with spelling errors. They also ask you to take some ridiculous action. For instance, Canada Revenue Agency sends an SMS indicating you have received a refund of $120.52 and to enter your banking information to deposit it. Most people can tell right away that this is a fraudulent message.
Now the real issue are the texts that look like they could be legitimate. These messages are usually from businesses and services that you are aware of and might have given permission to message you. They might appear to be from a supplier providing an update on an order, or they might be from your bank indicating that there has been fraud on your account. They’re generally ask you to take action: click a link, reply back with some information, etc.
So, how do you know if the message is legitimate? Here are 3 rules you can follow to help identify a fraudulent incoming text message:
- Don’t Respond to a Call to Action
- Pay Attention to Odd Behaviour
- Do Some Research First
This is a BIG red flag. The message requests you to take some type of action. This could be to click on a link, call or text a number, enter payment details, or simply reply. Regardless of the action, when an unknown number asks you to do something fishy, consider it as a phishing text.
Be wary if the message sounds strange. For instance, if the originator of the message has your name, but greets you with “Hello, friend”, or “Dear client” then be cautious about replying. Also, lookout for any grammatical/spelling errors. This could be as simple as the name of your bank with a zero instead of an O (e.g. BM0).
You might still be wondering if the message is real. What if you don’t respond? Will your package be put on hold? Will your bank account be disabled? That’s what hackers pray for - doubt. What if the message IS legitimate? Well, do your research first. Call the supplier or your bank directly, check their online portal (if they have one), or look up the number to see if it has a history of spamming. Always verify the SMS through official channels first!
If a cybercriminal gains access to your phone, they can review your messages and emails, get banking information, and stir up a whole lot of trouble for you. That’s why you need to be aware of SMS scams. To protect yourself from phishing texts, you should turn on the “Block Unknown Sender” feature on your device. This will help filter senders with numbers that are not in your contact list and appear to be fraudulent. You can also utilize an anti-spam service. Finally, any time you get a fraudulent text, you should go into your contacts and block the number. This won’t prevent them from spamming you from a different number, but it will prevent recurring spam from that number. Protect yourself now to prevent a breach later!