Unless you live under a rock, by now you have been targeted by at least one phishing scam. Phishing can take a lot of forms, but a common scam is the urgent email made to look like it’s from your bank or other business entity requesting you click on a link in the email to go to a web page and provide some missing piece of sensitive information, like your social security number, bank account number, etc. Or they could just be getting you to log in to snag your credentials.
There are many variations on the phish. You know what it is, and, as a cybersecurity-conscious entrepreneur, you regularly talk with your employees about cybersecurity. They know how to spot this stuff a mile away and avoid falling victim to it. You know how to keep your network safe.
Or do you?
Have you talked to your employees about . . . smishing?
Just as with phishing, with smishing hackers send a message designed with a sense of urgency and a link or attachment, but it’s not an email, it’s a text. SMS + phishing = smishing.
Last week one of the phones on my account received a text from an unknown number that went something like: “Kelly, project opportunity, available until 2 pm.” with a random link. Of course I didn’t click on it, because I realized it was the first time I was the target of smishing!
Your mobile devices are part of your network, and they can have their own set of vulnerabilities. Gone are the days of mobile devices largely flying under the radar of hackers. Yet, people tend to let their guard down and treat their mobile devices differently from how they treat their laptop or desktop, and hackers take advantage of this.
What can you do to avoid being the victim of smishing?
- Treat your texts like emails. That is, do not click on links or open attachments in texts from unknown sources.
- If you do get a text you suspect is smishing, do not click on the link in the message. Delete the suspect text without interacting with it.
- Install apps on your phone from trusted sources only. In the same way the more extensive software on your computer can contain malicious code, apps on your phone may be malware too!
- Delete unused apps from your device. Minimize your exposure to bugs and malware by deleting apps you do not use.
- Keep your device’s operating system updated. Updates can contain important bug fixes and can address vulnerabilities hackers can exploit.
- Protect your phone with an appropriate and vigilant antivirus app. Most antivirus software programs offer their protection in app format for installation on mobile devices, too. They offer subscriptions with multiple licenses, making it easy for users to protect all of the devices on the network.
Last, but not least, be vigilant. A similar message was sent to the phone again a week later. I can see how someone, at some point, might say, “Hey, they know my name and they are contacting me again. The must know me.” Which leads me to my final point: Run your business like a business. If replying to an unsigned text by clicking on a rando link is the way you do business and you’re not a drug dealer, you have got to rethink your business model.
Be safe, be bold.