Watch Out for Phishing and Smishing!

Feb 26, 2020 by Tom Pyke

Cyberattacks by email, so-called “phishing attacks,” have been around for years, but still represent one of the most dangerous ways hackers can attack you through your PC, Mac, or smartphone.


Hackers who create phishing attacks send a fake but realistic-looking email to their targets. Malware in the email then takes over the user’s PC and data when the user clicks on an attached file or clicks on a link to a compromised website. The email may look innocent. It may look like a normal email from a friend or a company or even from your boss. But it can spoil your whole day if you click on the attachments or links.


Recently, phishing attacks have been joined by “smishing” attacks, which are text messages that contain malware or links to malware that can take over your smartphone, or worse. Texts usually grab our attention quickly after we hear a bing or other alert announcing they have arrived. There is a sense of urgency associated with texts, and, especially since smishing attacks are a relatively new threat, we may not be watching out for the bad guys trying to attack us through texting.


Smishing attacks are texts that often ask you to click on a link and provide usernames, passwords, credit or debit card numbers, or PINs. The name “smishing” derives from SMS, or Short Message Service, which is the technical name for texting.


In one recent smishing attack, the perpetrator posed as FedEx, sending a fake text to announce a package delivery. Recipients were asked to click on a link in the text to get details. They were taken to a fake Amazon listing and asked to take a customer satisfaction survey. Then they were thanked with an opportunity to claim an expensive product as a reward. But to claim the reward they had to pay a small shipping and handling fee, so they were asked for a credit card number. Without realizing it, they had signed up to be billed $98.95 every month for continuing services.


You can protect yourself from phishing and smishing attacks by staying alert for possible attacks. Carefully examine all incoming emails and texts. Look for anything unusual, such as misspellings, grammatical errors, lots of exclamation points, missing or slightly altered sending addresses or phone numbers for texts. If the email or text came from a company, compare it to one you have received before from the same company. Look for minor differences. For example, look at the sender’s phone number or text message code to be sure it is similar to those on texts you have previously received from the company.


Don’t click on links in suspicious emails or texts. Some emails or texts may look like they came from someone you know or trust, but they are attacks disguised to look familiar.


For example, if a fraud alert text looks like it came from your bank, go directly to the bank’s website to determine the status of your account or call your bank rather than click on anything in the text. Don’t be rushed into responding right away because the text sounds urgent. If an offer you receive by email, text, or phone call sounds too good to be true, it probably is. So, stay clear!


You may be tempted to reply with a “STOP!” But resist the urge because you could end up being the target of many more phishing or smishing attacks. The best thing you can do is immediately block the sender and delete the incoming email or text.


It pays to be high-tech street smart. Bad guys will use everything they can think of to get your attention and harm you. Don’t let them win…