Text Message Scams

The Interview

The Newest Scam in Town

Remember the saying, "There's an app for that."? Well now it seems that may apply to text messages too. Getting a code for your multi-factor authentication? Text Message. Getting package delivery update? Text Message. Miss a payment? Text Message. Legitimate companies know we are much closer to a text than an email. And now, so do scammers.

The scam may go something like this: "Your package is being held until we can confirm your shipping details. Click [here] to confirm." Once you click, a world of possibilities awaits. The link can take victims down a myriad of fraud paths including:

  • Entering credit card details

  • Entering credentials (e.g., Amazon, UPS, FedEx)

  • Download [malicious] software

Attackers could also just be fishing for 'live' phone numbers to sell or use in other scams. The possibilities really are endless but no matter the attacker's plan, the advice remains the same.Don't click.

The real dangeris in the link itself. Most of these scams use a shortened URL. Short links (e.g., bit.ly) are intended to allow people to include long links in short spaces (think tweets). Unfortunately, they also mask the true destination of the URL and can be hard (if not impossible) to know where you will end up after all the trackers and redirects are processed.

There are many variations of SMS scams to be aware of. Here are some other commonly used scams to be aware of:

Wrong number or unknown acquaintance scam– attackers send texts pretending to be a friend or a friend of a friend in an attempt to get you to engage.

Bank account closing / locked debit card scam– attackers send texts intended to elicit fear and hasty, poor decisions by stating your account is closing or your cards are frozen in an attempt to lore you to click their hyperlink to mitigate the issue.

Unfortunately, attackers are creative. Scammers are constantly evolving their attacks and methods. Stay vigilant and trust your instincts if something seems off; do not trust a message just because you see a familiar area code.

So back to the advice:Unless you are absolutely sure the message you received is legitimate, it may be best to ignore the link in the message. Attackers prey on fear and greed, so winning gift cards and losing packages make great pretexts. Don't become a statistic.

Previous
Previous

Back to [Virtual] School

Next
Next

PCI DSS - What it is and what it isn't