This website uses cookies

Read our Privacy policy and Terms of use for more information.

Scammers have observed that you have become more adept at identifying dubious emails, so they have shifted to your text messages. The good news is that, as an experience Information Security Analyst, I got you back. The secret is these methods become less effective if you know what to search for.

What’s going on?

Over the past few years, smishing (phishing by SMS) has skyrocketed, and the messages have become very convincing. We are talking about texts that appear to be from the IRS, USPS, etc., with your name, a realistic-looking link, and just enough urgency to compel you to act before you think. Some more recent attacks even make reference to actual recent deliveries or purchases, making them seem nearly indisputable.

The objective is always the same: to get you to click on a link and provide your payment information or login credentials. The method is simply being more refined.

Three Things You Can Do Right Now

Before you tap, pause. The purpose of any language that creates a sense of urgency, such as "your package is held" or "your account will be suspended," is pushing you to act without thinking. A legitimate business will provide you enough time to thoroughly check everything.

Go straight to the source. You can either call the company or open your browser and input the company's website manually instead of pressing the link in the text. Nearly all attempts at smishing are thwarted by this habit.

Delete and report. You can report suspicious SMS to 7726 (SPAM) in the United States. It helps carriers detect these campaigns more quickly and takes ten seconds.

This Week’s Challenge
The next time a text makes your stomach drop a little , please stop. That sensation indicates that the scheme is working as planned. You have already won if you take a breath and go straight to the source.

🔐One Extra Layer of Protection

I personally use a VPN on my phone. When you are on public WiFi at a coffee shop or airport, a VPN encrypts your connection so if you accidentally tap a sketchy link, your data is much harder to intercept. I use Surfshark. It covers unlimited devices and costs less than a coffee a month.

Stay curious, stay safe. See you next week.

Dong Fae
Information Security Analyst

👉 Subscribe to Weekly Cyber Tips — https://weeklycybertips-newsletter.beehiiv.com/

Keep Reading