Mobile and email messaging volumes continue to increase globally, and so far the amount of mobile messaging traffic in particular doesn’t show any signs of slowing down. Billions of text messages are sent each day worldwide and threat actors are actively targeting users—and their money—through text message/SMS phishing (smishing). We process more than 50% of North America’s mobile messages and our telemetry reports indicate mobile phishing messages increased by 328% in Q3 2020 when compared to Q2 2020.
Threat actors understand that consumers trust mobile messaging and are much more apt to read and access links/URLs contained in mobile messages than those in email. This level of trust combined with the reach of mobile devices in the general public where nine in ten possess a mobile device, makes the mobile channel ripe for fraud and identity theft.
Smishing messages often use fraudulent branding combined with urgency and a request that a user click a malicious link. Below are recent examples of delivery, social, and financial smishing attempts as well as five ways mobile users can avoid smishing:
Five Ways to Prevent Smishing
- Ensure you are on the Do Not Call Registry. Even if you think you signed up for this, re-registering your mobile phone number may be necessary. Visit https://www.donotcall.gov/verify.html to be sure. While the Do Not Call list is not foolproof, it should dramatically cut down on unwanted calls and text messages.
- Use the spam reporting feature in your messaging client if it has one, or forward spam text messages to 7726 (SPAM). You can also report to the FTC at ftc.gov/complaint or 1-888-382-1222. After reporting spam be sure to block the number.
- Do not click links sent to you via text message, unless you’ve been expecting them or have verified the sender is legitimate.
- Visit trusted vendor websites directly (separately from text messages). If you receive a text message that asks you to take an action such as checking an order status or changing a password type—don’t click the link. Instead, type the organization’s URL directly into your browser and proceed from there.
- Finally, do not for any reason respond to strange texts. Doing so only lets them know you’re a “real person,” setting you up for additional harassment down the road.
For more information on secure mobile messaging, please visit https://www.proofpoint.com/us/solutions/mobile-message-security-solutions-for-service-providers
Subscribe to the Proofpoint Blog