We have all heard about phishing, or at least I hope so. But how many have heard about smishing? Smishing is another form of social engineering attack that uses SMS (text messaging) and mobile devices instead of the telephone (voice) to glean nonpublic information from unsuspecting individuals.
“Smishing:” A New Threat To Mobile Phone Users
A smishing message usually looks like it came from a financial institution, or states that the person will be charged a certain fee if action is not taken immediately. The individual is then required to click on a link or call a phone number that is conveniently provided in the message. From there, the victim is required to provide certain information (e.g. account numbers, login credentials, Social Security number, etc.).
Here are some guidelines to protect against smishing:
- Smishing is another form of social engineering – using text messages to get your private and confidential information!
- Always follow company policy regarding securing your mobile device. *
- Don’t reply to unsolicited text messages.
- Don’t “click” on links or open attachments that you are not expecting.
- Verify the authenticity of a text message or its sender.
- Don’t enter sensitive information in a text message – keep your information private.
- Don’t call phone numbers as directed in a text message. That’s a way for smishing to turn into phishing!
- When in doubt, don’t! Call your Information Security Officer or Network Administrator.
To help you remind your employees about smishing and ways to protect themselves, here’s a security awareness reminder poster that you may print and either hand out to your employees or post in conspicuous locations: Gone Smishing
*For policies about mobile security, visit BYOD – Mobile Devices Security – Bring Your Own Device Policy.