Smishing is a mashup of SMS and phishing. So if you know what phishing is, smishing is just phishing over SMS. It’s an attempt to trick you into thinking you’re getting a message from someone you trust, so that you hand over valuable information to someone you should not.
The U.K.’s National Cyber Security Centre just published guidance on how to combat smishing that’s useful for businesses and customers alike.
Here are five ways to combat smishing:
- No personal details. If you’re a company, don’t ask for personal details by text. And if you’re a customer never give personal details by text.
- The simpler, the better. If a company’s messages are simple and consistent, it’s easy to spot the fakes. Attempts to trick you will often take more words, and they won’t read the way a company’s texts usually read.
- Links and phone numbers are suspect. Avoid links, phone numbers and email addresses. Customers should already have that. As a company, if you have to include a link in a text message don’t use link shorteners. Link shorteners are an immediate scam signal.
- Promote independence. Instead of customers getting contact information from the text they should be able to easily, and independently, get your contact details themselves from your website or another official channel.
- Report scams. Customers should report attempts to mimic companies. And companies should make it easy to report them.
Really, not responding to requests for personal info and not clicking links can get you a long way in avoiding getting smished. Which, when you say it out loud, sounds like something you really want to avoid.
Subscribe to TechRepublic Top 5 on YouTube for all the latest tech advice for business pros from Tom Merritt.
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays