Ding! The notification has just gone off that you have a new text message. You open it and see a note that reads, “You won’t believe it, check out this video!” Sounds intriguing, right? But there’s a good chance this is a messaging attack. What is a messaging attack, you ask? This is when cyber attackers use SMS, texting or messaging apps to contact and attempt to trick you into a scam. This SANS Institute newsletter explains that these types of attacks are sometimes also called Smishing, which is a play on the word phishing.
Messaging attacks can be more dangerous than traditional phishing email attacks because they feel more informal or personal. Just like phishing email attacks, messaging attacks play on your emotions to get you to act on something like clicking a malicious link or giving up bank information. Since messaging attacks come through in a text message or app that you generally use to chat with friends and family, your guard may be down when reading them.
To help you figure out if a text is a smishing attempt, here are the most common clues of a messaging attack:
- A tremendous sense of urgency with someone rushing you to take action.
- A message asking for personal information like passwords.
- If a message/call to action sounds too good to be true.
- A message that looks like it is coming from someone you know, but the wording does not sound like them.
- A message that makes you have a strong reaction. If this happens, wait a moment, calm down and think it through before you respond.
Additionally, always keep in mind that most government agencies won’t contact you through text messages. So, what should you do if you get a message from an official organization that alarms you? Read the full SANS Institute newsletter for all of their advice.