SMS Phishing, or “Smishing” attacks are targeting users expecting package deliveries this holiday season. Bad actors are now delivering malicious links right to your phone in texts. It’s easy to mistake this type of messaging for the legitimate notices you often see as packages you’ve ordered are shipped and delivered to your home. This is especially true during the holidays as people place a much higher volume of orders for gifts.
Cybercriminals send texts claiming to be from legitimate retailers (e.g., Amazon, Eddie Bauer, Target, etc.). Once you click on one of their links, they attempt to steal your sensitive information, or trick you into downloading malicious software. According to cybersecurity company Proofpoint, these attacks are particularly effective because users aren’t as conditioned to be suspicious of links in text messages as they are with links and attachments in email. In addition, users are much more likely to engage with a text message, when compared to email.
SMS Data According to Proofpoint
- Text messages have a 98 percent open rate; recipients open 90 percent within 3 minutes
- Text messages have 8x the click-thru rate vs. email
What Should Mobile Users Do?
- Be suspicious of any text message you were not expecting.
- If you receive a package delivery notice by text, don’t immediately click on the link. Instead, go directly to the website of the company you were expecting a package from. Log into your account and track your package from there.
- Be especially suspicious if you receive a request to “re-enter” your credit card information to confirm shipping or delivery.
- Know that criminals will target users in ways that offer the easiest route to engagement. Right now, consumers are much more likely to engage with a text than an email or phone call.
If you have questions or need assistance with any suspicious messaging you’ve received, be sure to contact the ITS Helpdesk at X4357 or firstname.lastname@example.org.