IronNet Blog

Holiday cyber warning: think before you click

Written by IronNet Threat Research and Intelligence Teams | Dec 1, 2021 3:37:52 PM

As we approach the holiday season, we would like to make you aware of a growing cyber threat known as SMS phishing, aka “Smishing,” and, more important, how to stay safe. Have you ever received unsolicited mobile text messages from an unfamiliar number, containing a strange web link that prompts an “urgent” response from you? This is an example of what’s called “Smishing”. 

Smishing, a combination of “SMS” and “phishing," is a form of phishing where the attempt is delivered via text message. Victims will receive a deceptive message that is intended to lure them into divulging some personal information that the cyber scammers can use for exploitation. Most commonly, they will prompt you to enter your personal or financial details. These scammers will attempt to disguise themselves as banks, governmental agencies, or some other company to lend legitimacy and/or authority to their claims. 

Smishing messages can look different. Some may claim that you have won a grand prize, and request that you share some details in order to redeem it. Others may claim that you are in financial trouble and offer a way out. While they may come in different flavors, a few telltale signs remain the same:

  1. Unfamiliarity -- unknown phone numbers or odd phone numbers (e.g., 5000)

  2. Urgency -- appeals to “act quick”

  3. Links -- redirection links to an external site where they expect to extract information

  4. Information -- requests for personal/financial details

How to avoid becoming a victim of Smishing scams

DO NOT

  1. Click on any links.

  2. Reply to the message.

  3. Provide any personal information (including OTPs, ATM codes, confirmation codes).

DO

  1. Delete the message.

  2. If the message appears to be from the bank or some governmental agency, go online to their official website and find their email/phone number and reach out to see whether this request has come from them.

Report the Smishing attempt to the FCC.

Want to keep up with the latest IronNet threat intelligence and research? Visit our threat intelligence hub.