Smishing, or text phishing, is a cyber-attack where criminals use text messages to try to gain access to your personal information. The criminals try to convince you that the message is from a person or business you trust so you’ll give away your personal data. They will then use that information to commit identity theft.
Here are a few ways to identify a smishing attack:
- There is a link instead of a phone number to call. Never click on a link unless you know it’s from someone you trust.
- The message may not contain the name of the company. For instance, it may say, “your financial institution is trying to reach you.”
- They ask for personal information such as your pin number, account number, or social security number. Never give this information.
- They’ll often use a rouse to scare you into responding, such as saying your account has been compromised, there’s an unpaid balance that will go to collections, or that you’ve won a prize.
Now that you know how to identify an attack, here are some ways to protect yourself.
- Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.
- Never click on any links in the message.
- Use multi-factor authentication on all of your accounts. This way, even if someone does get a hold of your username and password, you’d still have to authorize access.
- Back up your data and make sure those back-ups are not connected to the cloud so they cannot be compromised.
- Report the attack to the Federal Trade Commission at ftc.gov/complaint.