In today’s digital age, we have become accustomed to the conveniences of instant communication. Emails, texts and instant messages abound such that we often will click on them without a thought as to whether they are legitimate. While most of our online interactions are benign, some aim to deceive and exploit. At some point it dawns on us: we are victims of a scam!
The most prevalent forms of these deceptive practices are “phishing” and “smishing.” Phishing is typically executed via email, while smishing is executed via text messages. It is a fraudulent attempt to obtain usernames, passwords, and/or credit card details by disguising the communication as coming from a trustworthy source. The attacker might send you an email that looks like it’s from a legitimate organization but designed to trick you into providing personal or financial details, via links to malicious websites or attachments that can harm your computer.
Smishing, a combination of the terms “SMS” and “phishing,” is like phishing but it occurs primarily through text messages (SMS). Scammers send deceptive texts to lure you into providing personal or financial information. These messages might contain a link to a fake website or request that you send personal details in a response. Many times, they appear to come from legitimate phone numbers. Smishing might also involve urgent text messages about “suspicious activity,” enticing offers that seem too good to be true, or threats designed to cause us to act immediately without thinking.
As technology is embedded in our daily routines, understanding and protecting ourselves from these threats is essential. There are things we can do to lessen the potential of becoming a victim of these scams.
For phishing attempts we can:
- Be cautious of unsolicited emails, especially if they ask for personal or financial information. Hover over links without clicking on them to see the actual source. If it doesn’t match the stated organization’s real website or looks suspicious, don’t click on the link.
- Check the sender’s email address. Often, phishing attempts come from addresses that resemble, but are not identical to legitimate ones.
- Avoid downloading attachments from unknown sources.
- Call the source of the email from a verified known number that you have.
For smishing attempts we can:
- Be skeptical of unexpected text messages, particularly those that ask for personal information or require urgent action.
- Avoid clicking on links in text messages from unknown numbers.
- Verify any requests for information by contacting the organization directly using contact details you know.
Even with these precautions, we still can fall victim, so what is our recourse? First,
it’s crucial to act quickly to mitigate potential damage:
First, don’t panic: While it’s natural to feel alarmed or embarrassed, it’s important to stay calm and take a systematic approach to address the situation.
Disconnect from the Internet: If you’ve clicked on a malicious, temporarily disconnect your device from the Internet. This can prevent malware from communicating with its command-and-control servers. Run a full system scan on your device using a reputable antivirus or anti-malware software. If you’re not tech-savvy and suspect your device is infected, consider seeking help from a professional or tech savvy friend.
Change all your passwords: Start with the compromised account first. Next change passwords for critical accounts like email (since email can often be used to reset other account passwords), banking and other financial accounts. If you use the same password across multiple sites (which is not advisable), change those too. Also enable two-factor authentication to add an extra layer of security to your accounts by requiring a second form of identification beyond just a password.
Notify affected people/companies/organizations: If you’ve provided details related to a specific bank or service, contact them immediately. They can monitor your account for suspicious activity or help you take protective measures. Report the phishing email to your email provider, that may have a reporting mechanism for this. If your email or phone was compromised, inform your contacts so they can be wary of suspicious messages from your account.
Monitor your accounts and consider Credit Monitoring: Regularly review bank and credit card statements for unfamiliar transactions. Consider setting up account alerts for transactions above a certain amount. If you believe your financial information was compromised, consider subscribing to a credit monitoring service. They can alert you to changes in your credit report.
Report the incident: You can report phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org or to the FTC at spam@uce.gov. Smishing attacks can be reported to your mobile carrier and the FTC.
Being a victim of phishing or smishing can be distressing, but by taking swift and comprehensive action we all can minimize the potential harm and prevent further intrusion into our online world.