August 08, 2024

Your boss isn’t texting you about a gift card!

Most people are aware of phishing – or email scams – but they may not realize scammers can also target them with deceptive text messages sent to their smart devices. It's called "smishing," a combination of SMS – for "short message service" – and phishing.

Did you get an text from your boss asking you for a favor? Does your boss need you to send gift cards to pay for an upcoming office party or issue as an award? Before you go out and pay up, ask yourself, "Is that really my boss?" It could be a scammer trying to get your money.  

Here’s how it can play out. The scammer sends you text impersonating your boss. They then make up a story about needing your help with something — an office surprise party, a company event, an award for a team member, or even a simple errand. Whatever the reason, they’ll ask you purchase a gift card. But once you hand over the gift card number and PIN, the money is gone.

Signs to Watch For

1.  You’re directed to buy one or more gift cards.
2. You’re told to share the numbers on the back of the gift cards, by reading them off or sending a picture.
3. The request comes from someone you wouldn’t expect to ask for money this way.

What Are Messaging Attacks (Smishing)
Messaging attacks, or smishing, occur when cyber attackers use SMS, texting, or similar messaging technologies to trick you into taking an action you should not take, such as giving up your credit card or bank account password or installing a fake mobile app. Just like in email phishing attacks, cyber criminals often play on your emotions, such as creating a sense of urgency or curiosity. However, what makes messaging attacks so dangerous is that there is far less information and fewer clues in a text than there is in an email, making it much harder for you to detect that something is wrong.

Sometimes cyber criminals will even combine phone calls with messaging attacks. For example, you may get an urgent text message from your bank asking if you authorized an odd payment.

The message then asks you to reply YES or NO to the message. If you respond, the cyber criminal now knows you will engage with the message and will then call you on your phone pretending to be the bank's fraud department. They can then try and talk you out of your financial and credit card information, or even your bank account's login and password.

Spotting and Stopping Smishing Attacks
Here are some of the most common clues of a messaging attack:

• Urgency: Any message that creates a tremendous sense of urgency, when someone is attempting to rush or pressure you into taking an action, such as claiming your accounts will be closed or you will go to jail.
• Greed: Does the message sound too good to be true? No, you did not really win a new iPhone for free.
• Curiosity: If you get a message that looks like the equivalent of a "wrong number," or someone you do not know just saying "hi", do not respond to it or attempt to contact the sender; just delete it. These are attempts by cyber criminals to start a conversation with you, such as romance scams.
• Personal Info: Is the message taking you to websites asking for your personal information, credit card, passwords, or other sensitive information they should not have access to?
• Payments: Be very suspicious of unusual payment requests, like sending money through Western Union or Bitcoin.

When it comes to message-based smishing attacks, you are your own best defense.

Thanks for the heads up!
Posted by: Jennifer Weaver on August 14, 2024
Reply/View Reply