Today we’re talking about phishing and smishing. No, we aren’t speaking gibberish. In fact, phishing emails and smishing texts can cause quite serious issues for those who don’t recognize them and don’t know how to respond if they receive them.
Phishing emails are scam emails. Cyber criminals and hackers use them to try baiting you into providing private information like credit card or account numbers, usernames and passwords, and other sensitive information. The emails may also include links that could install spyware or malware on your device when clicked on. These emails can be hard to recognize because they often look to be legitimate, from people, companies and organizations that are familiar to you.
Smishing is a form of Phishing, except instead of email, the threat comes in the form of a text or messaging app on your mobile device. The attacker may attempt to pose as someone you know or as a bank, store or even a charitable organization. Sometimes these messages may come to you in a group text, with other phone numbers. Other times, the messages may come only to you. Either way, the attacker’s goal is the same as with phishing emails—to try to obtain your personal information or get you to click on a jeopardous link.
Recognizing Phishing and Smishing
The biggest warning sign an email or text may be fraudulent is being unexpected. Other signs include claiming you won something, asking you to verify personal or account information, or prompting you to reset your account. Asking you to confirm information or click on links for verification or changes you didn’t request are also indicators the message is malicious.
Another thing to look for, particularly in phishing emails, is a realistic looking web or email address that appears to be from an organization or company you’re familiar with. Be sure to look carefully to notice odd spellings, typos or differences that might be indicative of imposters. Misspellings and grammatical errors within the message itself are also good indicators the email or text is not from a reputable source.
How to Handle Phishing and Smishing
For the most part, handling phishing and smishing attempts is simple. If the message is obviously bogus, do not click on any links, and delete the message. If you aren’t quite sure the message is legitimate, contact the person, company or organization it appears to be from to confirm it’s credible.
You can also report phishing emails to the Anti-Phishing Working Group (APWG). This group works with the U.S. Cybersecurity & Infrastructure Security Agency (CISA) to help protect people from falling victim to cybercrime. To report a phishing email to APWG, simply forward the spurious email to firstname.lastname@example.org. Spam and Smishing texts can be reported at the Federal Trade Commission’s fraud reporting website, ReportFraud.ftc.gov.