By Tonia Dudley, Strategic Advisor – Cofense

With the increased use of mobile devices to manage so much of our lives, it’s no surprise scammers have moved to this medium to target your sensitive information. If you have a mobile phone, then you’ve most likely experienced smishing. Smishing is a phishing message received via an SMS text message. Just like an email phishing attempt, the scammers are targeting your sensitive information.

Similar to what you might experience in your email, these messages are using emotional triggers to entice you to interact with the links. The themes are typically targeting your personal information such as your username and password, credit card number or national ID.

Below are just a few examples I received over a few months. What was interesting as I monitored these messages was to see a couple of the messages were addressing me as Jesse!

Just as we encourage reporting suspicious email messages to your organization’s security team or the company being spoofed, it’s just as important to report these messages. Below are the steps to report these to your phone provider:

How to report a Smishing txt or SMS?

  • Forward suspicious SMS messages to 7726:
    • When you receive a spam txt message on your phone, forward that text to the short code 7726 (which spells “SPAM”).
    • You’ll then receive an automated message from your wireless carrier asking you then to enter the phone number from which the spam text was sent

How to forward an SMS:

iOS: https://support.apple.com/en-us/HT208386

Android: https://www.androidauthority.com/how-to-forward-a-text-message-870759/

This blog post originally appeared July 20, 2021, on the National Cybersecurity Alliance website. It is reprinted with permission. To learn more about smishing and defensive tactics, read our blog, “Thinking of Smishing Your Employees? Think Twice.”

All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks. Any observations contained in this blog regarding circumvention of end point protections are based on observations at a point in time based on a specific set of system configurations. Subsequent updates or different configurations may be effective at stopping these or similar threats. Past performance is not indicative of future results.
The Cofense® and PhishMe® names and logos, as well as any other Cofense product or service names or logos displayed on this blog are registered trademarks or trademarks of Cofense Inc.