Wednesday, April 16, 2014

New "Smishing" Scam has Tampa Bay banks on alert

Just last week, several Tampa Bay area banks reported a new “smishing” scam (SMS phishing, or phishing texts sent to mobile devices) in which mobile users are informed by “bank personnel” that their debit card has been flagged. The text then encourages mobile users to contact a fraudulent number and provide personal financial information.

Phishing through text messages is further proof that attacks continue to come from every angle at once and are getting more and more clever.

Why is it so hard to practice safe surfing on a mobile device? Why do otherwise intelligent Internet users take actions on their phones that they would never take on a home desktop or laptop computer?

One reason may be the difference between actual security and perceived security. Most people are aware of the threats they face on their home computers and laptops, because information about security hacks is everywhere. They likely know at least one person who has experienced identity theft or a malware attack. But connecting on a phone may feel safer, because the threat has not been fully established.

People might also say they are busy and distracted, but still feel the need to maintain a constant connection even when they are out and about. Let’s face it: it is pretty much impossible to always make wise choices while you are checking email on your phone, ordering a latte, fumbling for your wallet in your laptop bag, and running through your mental To Do list.

So, before you click that link in a text message, or call that unknown number sent in an unexpected message, ask these questions:

1) Do I know the person who sent this text message? If not, ignore it.

2) Is the tone of the text message urgent or persuasive? This is often a dead giveaway that you’ve been singled out for a phishing attack.

3) Is the text message providing an unfamiliar link to click or an unfamiliar number to call? If so, be suspicious.

Here’s the good news: every legitimate bank and business has a real phone number—one you can easily access from the company website. If you receive a text message that you assume is a smishing attempt but are still concerned about your account, don’t jump the gun and take the bait. Just contact the group directly to check in. You’ll get the information you need—and the bank will appreciate the heads-up about a scam involving their brand.

Let us also make a suggestion. Consider training your employees on phishing and mobile security, so they are aware of the threats to both personal and corporate information.
