The Department of Information Technology has received reports of a rise in SMS phishing attempts, known as “smishing”. Smishing is a form of cyber scam that utilizes SMS or text messages. Text messages will feature links to webpages, email addresses or phone numbers that when clicked will automatically open a browser window or email message or dial a number.
The disguised link will then be used to maliciously gain access to personal or device information. This use of email, voice, text message, and web browser functionality increase the likelihood that users will fall victim to engineered malicious activity.
IT Security has prepared a list of steps to take to safeguard yourself from SMS “smishing” scams.
- Most SMS links are created with “shortening services”, which take you to a longer eventual destination link (https://info.example.com/tr/tlreport.html) and substitute it with something shorter (ex: https://t.co/4raG). Be wary of links that you’re not sure where they lead you to.
- Use an “expander” website to expand a shortened URL into its full address to see where it’s really going to.
- Use an inspection site to inspect URL to see if it is safe or has been reported for malicious activity. Virus Total provides a resource for inspecting URLs for safeft.
- When in doubt, throw it out! DO NOT CLICK unless you are absolutely 100% sure it is safe.
Categories: Science and Technology