SECURE&TIP: SMS AND CHAT SCAMS


What is “Smishing”?

Having covered Phishing and Vishing in previous weeks, we turn to the last of these social engineering techniques aimed directly at people: Smishing.

The term “Smishing” is a combination of the words “SMS” (short message) and “Phishing”. Cybercriminals carry out the scam over instant messaging services: SMS, but also applications such as Whatsapp, Line, Telegram, etc.

This fraud also covers chat platforms such as Skype, Teams or Zoom and social networks, i.e. any medium that allows a third party (known or unknown) to contact us.

Most messages of this type request:

    • A payment, for example for:
        • A package or shipment held at a customs office
        • A fine or tax
    • Clicking on a link to unlock a bank account, card or online profile.
    • Downloading an image or video, supposedly of us. Sometimes the message looks harmless (“this is really funny, you have to see it”); other times it threatens us directly with publishing images of us in compromising situations, so that we take the bait (even if the threat later turns out to be false).
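As an added example (not part of the original page), a small triage script that checks constructed sample messages against the three lure types just listed and pulls out any URL they carry, so the reader can see what would need to be verified through another channel before clicking, downloading or paying. The keyword lists, the shortener hosts and the `.example` domains are illustrative assumptions, not an authoritative signature set.

```python
import re
from dataclasses import dataclass, field

# Constructed sample messages (not real captures): one per lure type listed
# above, a threat without a link, and a harmless message that must not be flagged.
SAMPLE_MESSAGES = [
    "Your parcel is held at customs. Pay the 2.99 EUR fee at http://bit.ly/xyz123 to release it",
    "Unusual activity detected. Your card has been blocked. Unlock it now: https://secure-bank-login.example/verify",
    "lol this is so funny, you have to see this video of you www.video-share.example/v/8891",
    "We have compromising photos of you. Reply or they go public tonight.",
    "Hi, running 10 min late, see you at the cafe",
]

# Keyword groups for the three lure types. Illustrative heuristics (an assumption
# of this example), deliberately simple so the matching is easy to follow.
LURES = {
    "payment_demand": ("pay", "fee", "customs", "fine", "tax", "invoice", "eur", "€", "$"),
    "account_unlock": ("blocked", "suspended", "unlock", "verify", "reactivate", "locked"),
    "media_bait": ("video", "photo", "image", "see this", "compromising", "public"),
}

# Matches http(s):// URLs and bare www. hosts, the forms typically seen in SMS.
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)[^\s<>\"']+")

# Common link shorteners (assumed list); a shortened link hides the real destination.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd", "cutt.ly"}


@dataclass
class Verdict:
    text: str
    lures: list = field(default_factory=list)   # lure types matched
    urls: list = field(default_factory=list)    # URLs found in the message
    shortened: bool = False                     # any URL uses a shortener host
    suspicious: bool = False                    # at least one lure matched


def extract_urls(text: str) -> list:
    """Return URLs in the message, with trailing punctuation trimmed."""
    return [m.group(0).rstrip(".,;:!?") for m in URL_RE.finditer(text)]


def host_of(url: str) -> str:
    """Host part of a URL, with or without an http(s):// scheme."""
    stripped = re.sub(r"(?i)^https?://", "", url)
    return stripped.split("/", 1)[0].lower()


def classify(text: str) -> Verdict:
    """Tag a message with the lure types it uses and the links it carries."""
    v = Verdict(text=text)
    lowered = text.lower()
    for lure, words in LURES.items():
        if any(w in lowered for w in words):
            v.lures.append(lure)
    v.urls = extract_urls(text)
    v.shortened = any(host_of(u) in SHORTENER_HOSTS for u in v.urls)
    # Any lure match is enough to warrant the page's advice: double check
    # through another channel before acting on the message.
    v.suspicious = bool(v.lures)
    return v


def triage(messages) -> list:
    """Classify a batch of messages, preserving order."""
    return [classify(m) for m in messages]


if __name__ == "__main__":
    for v in triage(SAMPLE_MESSAGES):
        flag = "SUSPICIOUS" if v.suspicious else "ok"
        print(f"[{flag}] lures={v.lures} urls={v.urls} shortener={v.shortened} :: {v.text[:60]}")
```

The threat message without a link is still flagged: the lure is the content, not the URL, which is why the verdict does not depend on a link being present. Shortened links are called out separately because the destination cannot be judged from the message alone.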

How can we avoid this?

    • Once again, the golden rule: always be suspicious and “double check”, i.e. contact the sender through a different channel.
    • Do nothing that the message asks for until you have done that check (do not click on links, download files or make payments), even if it looks like a message from a family member, friend, colleague, trusted entity or any other personal or professional contact.
    • If the message concerns the tracking of a package, the blocking of an account or card, or an official notification from a public entity (fines, taxes, etc.), verify it through the official app, website or contact telephone number (not the one given in the message). For example:
        • For credit cards there is an even simpler check: try to pay with the card. If it really is blocked, the payment will not go through.
        • For blocked profiles or online accounts, log in directly (not through the link in the message) to see whether access really is blocked.
        • Finally, for bank accounts and official notifications from public entities: these are almost always sent by postal mail, especially in the case of infractions, taxes, non-payments, etc.
    • If you believe you have disclosed personal or professional information by this means that you should not have, notify the IT Department, CISO or DPO in a work context, and report it to the police in a personal context.