Are you the target of a Smishing attack?
Internet scam artists have found a new way to deceive users into surrendering their personal information. It’s called SMISHING: someone tries to trick you into giving them your private information (including user IDs and passwords) via a text or SMS message.
It is an emerging and growing threat, a form of criminal activity that uses social engineering techniques over text messaging in the same way Phishing does over email. Smishing may include tricking the user into downloading a Trojan horse, virus or other malware onto their cell phone or other mobile device. Criminals love Smishing because users tend to trust text messages, as opposed to email, of which people are naturally more suspicious.
Often the text message will contain a URL or phone number to click or call, and will display a "5000" number instead of displaying an actual phone number. Any text message with a "5000" number indicates that it came from an email to a cell phone, and not from another cell phone. Generally, the Smishing message will request an immediate response.
Warning signs that you have been targeted
You may be the target of a Smishing attack if you have received a text/SMS message from a "5000" number, or where there is a URL link in the message asking you to respond immediately, or when you cannot identify the sender of the text/SMS message.
How to prevent Smishing attempts on your cell phone:
- If you don’t know who the message is from, DO NOT REPLY.
- Even if the message says "text STOP" to stop receiving messages, DO NOT REPLY.
- Do a web search on the number and message content to see if it’s already been identified as a Smishing attack.
- DO NOT click on any links in the text/message.
- If a company is identified in the text/SMS message, look up the company's phone number on the web and call its customer service number to verify the message.
- If it doesn’t seem right, don’t fall for the text/SMS message.
- You can block the call/text message on iOS and Android devices.
- Register with the FTC's DO NOT CALL registry.
- File a complaint with the FTC regarding the spam message.
John Kronick is Director of Cybersecurity Services at PCM, Inc. Mr. Kronick has over 25 years of professional experience in providing strategic and tactical privacy, security, risk management, transformation and forensics assurance services to healthcare, governmental and commercial entities; including CISO roles at Gartner, CitiBank, Purdue Pharma and Estee Lauder, 3 years of significant expertise in public / private law enforcement liaison activities, 4 years in a "Big 4" public auditing firm (Deloitte), 8 years SOX, PCI and security compliance management, as well as 15 years of global security operations.