SMISHING? What’s that?

Hi there!

I hope your week has been awesome as mine??

We have been discussing phishing over the last couple of weeks and in my last letter, we talked about a type of phishing called Angler Phishing. Well, if you missed that letter, click here to read up. In this letter I’d be discussing Smishing, important things you need to know and how you can stay protected. Now will be a good time to find a comfortable place to read.

Smishing is a form of deception executed via mobile text messaging that leverages trust to trick victims into revealing sensitive information. It is also known as SMS phishing. In many cases, the smisher poses as someone you know or authorized to ask you for sensitive information, such as tech support staff, government workers, a bank official, or another financial institution. I know this sounds like phishing, but the difference is in the medium through which the attack occurs.?

Phishing = Emails and Smishing = Text messages.

How Does Smishing Work?

The intended victim receives a smishing text. This is a fraudulent text message worded in a way that stirs certain emotions and makes you feel comfortable sharing personal information or taking certain actions. These text messages are designed to give the illusion that the sender is legitimate.

See an example of a Smishing text below.

Smishing attacks often work by combining two or more steps. The first step is to get you to feel obligated to act. This can be for various reasons such as to make money or to “save” money that you do not want to be stolen. The second step is to give you an action to take such as following a link that leads to a fraudulent website or even as little as calling a phone number.

Below are some things you can do to prevent smishing attacks:

·??????Question any message that demands you to act quickly.

·??????Never click on links in text messages.

·??????Check the number that sends a message asking for information or to click a link inside it. If it looks suspicious, it is possibly a smishing attack.

·??????Never keep your banking or credit card information on your phone. Malware can be used to access it.

·??????If you do not know who is texting you, do not reply to the message or click anything inside it

·??????Never send sensitive information via SMS. If you are requested to and the message seems to be from someone you know, reach out to them via another means such as a video call or wait till you can speak with them physically.

·??????Report smishing attempts to the appropriate government bodies to help other potential victims.

·??????Do not respond to requests to change or update account information via text message.

Note: Cybercriminals will always come up with new and innovative ways to get access to your personal data, and if you feel you might have fallen victim to an angler phishing attack on social, it is important to report it. Do not forget that anyone and any organisation can be impersonated depending on the resources available to the attacker.

Side Gists

We are having another mentor session this week for our DigiGirls 2.0 cohort. These sessions are value-packed and the DigiGirls beneficiaries are eagerly waiting to benefit from them yet again. You too can listen in via our YouTube channel. If you are interested in having any of our alumni intern at your organization upon completion of their training, please send an email to [email protected] stating your interest.

The “A Day in the Life” series resumed this week for our CyberGirls and ECSL programs. Cybersecurity Professionals from various fields have taken turns sharing their experiences in cybersecurity with the fellows and answering questions specific to what a career in their field requires. You can join some of the sessions via our YouTube channel in the new week.

The Deputy Director of UK Foreign Commonwealth and Development office (FCDO) in West Africa, Rebecca Terzeon, was our special guest this week at DigiGirls 2.0 Lagos hub. She had the opportunity to meet and interact with beneficiaries, and I heard she was super impressed with the activities going on there. ??

It is always fun writing to you and I look forward to doing it again. In my next letter, I would be talking about another type of phishing called “Vishing”. You do not want to miss it

Till then, stay well and remain cyber safe! ??

Yours truly,

Bolatito