Beware of 'smishing' on Black Friday! What it is and how to avoid becoming a victim of this scam
It is increasingly common to receive text or WhatsApp messages with suspicious links and calls from companies that have been impersonated.
Smishing
"You can now pick up your package at..." or "login here to finish completing your purchase." If you have ever received or are receiving these or similar communications, which are always accompanied by a suspicious URL, via text messages (SMS), messaging apps, such as WhatsApp, or emails is because you are about to be a victim of smishing.
Smishing is an increasingly common scam particularly during high-profile shopping events like Black Friday. In these attacks, criminals use "spoofing" to impersonate well-known brands, banks, or delivery services. They send messages tricking consumers into believing they need to confirm a purchase, pick up an item, or finalize a transaction by replying to the message or clicking a fraudulent link.
Sometimes, they also resort to phone calls in which an automated, pre-recorded voice gives you certain instructions.
The objective of the fraudsters is that their victims enter the link and then download malware, malicious software whose purpose is to gain unauthorized access, or provide personal and private data such as passwords or debit or credit card numbers.
How to recognize a smishing message: What do the messages sent by scammers look like?
In general, the communications sent by criminals who resort to smishing to defraud usually include a text, in which the name of the company or entity they are impersonating may or may not appear, together with a short phrase written, normally, with a more commercial tone.
The two phrases stated at the beginning of this article are in addition to others such as "you have a notice from..." or "click to see the new offers...," to give some examples.
The link incorporated in the message usually resembles the official link of the impersonated company or entity. It may vary by one letter, a special character or a number.
In addition, they do not include the HTTPS protocol, which guarantees that the URL is the official one and that the data is not altered and prevents unauthorized third parties from intercepting it and accessing all the content.
How to avoid being a victim of smishing?
The Federal Communications Commission (FCC) has made available to the public, through its webpage, a set of guidelines so that no one falls victim to smishing. These are:
- Never click links, reply to text messages or call numbers you don't recognize.
- Do not respond, even if the message requests that you "text STOP" to end messages.
- Delete all suspicious texts.
- Make sure your smart device OS and security apps are updated to the latest version.
- Consider installing anti-malware software on your device for added security.
- Protect any sensitive personal information, bank accounts, health records, social media accounts, etc., by using multi-factor authentication to access it.
For its part, the FBI adds to these guidelines that "companies generally don’t contact you to ask for your username or password."
LATEST
