“Smishing” (SMS Phishing) And “Vishing” (Voice Phishing) On The Upswing, FBI Warns

The Federal Bureau of Investigation (FBI) issued a new warning recently about new phishing attacks carried out via SMS text or cellular voicemail messages. The FBI’s announcement notes that these messages provide a phone number to call or a website to log into, which then ask the respondent to provide personal information such as a bank account number, PIN or credit card number in order to restore service or fix a problem. Of course, the site or number in question is fraudulent.

These attacks, dubbed “smishing” (for SMS text phishing) and “vishing” (voice phishing) are apparently on the upswing for the same reasons that we see email-based attacks increase during the holidays.

The FBI announcement gives several examples of recent smishing cases:

  • “Account holders at one particular credit union, after receiving a text about an account problem, called the phone number in the text, gave out their personal information, and had money withdrawn from their bank accounts within 10 minutes of their calls.”
  • “Customers at a bank received a text saying they needed to reactivate their ATM card. Some called the phone number in the text and were prompted to provide their ATM card number, PIN, and expiration date. Thousands of fraudulent withdrawals followed.”

The FBI offered the following tips to stay safe from these types of cyber threats, which echo some of the same tips I give in my blog post “Seven Simple Rules for Staying Safe Online”:

1. Don’t respond to text messages or automated voice messages from unknown or blocked numbers on your mobile phone.

2. Treat your mobile phone like you would your computer…don’t download anything unless you trust the source.

3. When buying online, use a legitimate payment service and always use a credit card because charges can be disputed if you don’t receive what you ordered or find unauthorized charges on your card.

Check each seller’s rating and feedback along with the dates the feedback was posted. Be wary of a seller with a 100 percent positive feedback score, with a low number of feedback postings, or with all feedback posted around the same date.

4. Don’t respond to unsolicited e-mails (or texts or phone calls, for that matter) requesting personal information, and never click on links or attachments contained within unsolicited e-mails. If you want to go to a merchant’s website, type their URL directly into your browser’s address bar.

Keith Crosley directs corporate communications for Proofpoint. Keith’s job entails the promotion of Proofpoint e-mail security solutions to press, analysts and the enterprise e-mail security market at large. His blog covers a wide variety of e-mail security topics including anti-spam, phishing, identity theft, data breaches and the policy, culture and technology issues that surround e-mail. Previous positions have included director, corporate communications at Elance, senior director, worldwide public relations at BroadVision and director of marketing at WiredPlanet.com. As a key spokesperson for Proofpoint and e-mail security evangelist/researcher, he takes part in television and radio appearances. Avocationally and semi-professionally, he is a filmmaker, musician and all-round multimedia enthusiast.