How to Identify and Protect Yourself From Smishing Attacks

By:?Raghu Valipireddy , Senior Vice President, Chief Information Security Officer,?Axos Bank

Smishing is emerging as one of the most effective and widespread forms of phishing in 2022 – partly because most people don’t know what it is.

What’s smishing?

Smishing is when a hacker sends you an SMS text message urging you to click a link, call a number, or give out your personal information.

Here’s an example:

Sarah, your Apple ID account has been locked due to unauthorized login attempts. Please login and verify your information at https://app.le.com/lockedout3934598349.

Their end goal is to steal your personal information, such as your Social Security number, driver’s license number, or credit card information. Sometimes, the link you click may contain malware (malicious software) that will infiltrate your device, or it may send you to a phishing website that is masquerading as a site you use regularly.

How do you tell the difference between smishing and regular alerts?

If you normally receive SMS alerts from your bank, you may not think it strange if you suddenly get an alert about suspicious activity. The message will likely instruct you to click a link to confirm your identity and address the issue. However, once you know what you’re looking for, avoiding smishing attacks gets much easier.

Here’s what to do.

1. Avoid clicking links sent via text message. Make this a general rule you follow for smart data protection. Even if you don’t input any information, you don’t want to accidentally invite malware onto your device.
2. Don’t share your personal information over text. Hackers have gotten good at creating a sense of urgency in their messages, but you should avoid sharing any sensitive information over the phone. Remember that legitimate institutions, including your bank, won’t ask you for your account password.
3. Go directly to the source. If you get a message about suspicious activity or identity confirmation, confirm the authenticity. Call your bank, or log in securely to your account directly.
4. Use multi-factor authentication. This one is key if a hacker does manage to obtain your login information. They won’t be able to get past the second barrier, so your information will remain protected until you can update your username and password.
5. ?Don’t respond. Don’t take the bait. Smishing is a crime, so along with ignoring the message, you can also report it to help combat more data attacks.

Stay Vigilant

Follow these five steps, and you’ll be well equipped to deal with any future smishing attacks headed your way. For more information and tips on how to protect yourself online, visit the Axos Bank Security Center .