SMS phishing: A text-based attack

- We've all received those unexpected texts from unknown numbers. Sometimes it's about a package you didn't order. Sometimes it's an urgent message from your bank alerting you of suspicious activity. Other times, it's simply a text like, 'Hey, is this Sloan?', when your name is Olivia. At first glance, they may seem like a harmless mistake or maybe an urgent message to act upon, but under further inspection, something feels kind of off. SMS phishing attacks, also known as smishing attacks, are phishing attempts that occur via text message. Like other attacks we've covered, a scammer sends a text hoping to lure in a victim. The target might respond, click on a link or follow instructions in the message. This can lead to various outcomes, malware installation, theft of personal information, or even a long-term scam, like the pig butchering scheme we talked about earlier. For example, in 2023, the United Parcel Service, or UPS, in Canada confirmed a data breach where attackers gained customer data by misusing their package lookup tool. UPS warned customers that since phone numbers were included in the breach, smishing attacks could follow. And since information about packages were also taken, they could make their attacks pretty convincing. They weren't wrong. UPS confirmed that attackers targeted some recipients and demanded payment before their package could be released to them. Fortunately, UPS informed their customers that their text messages would only come from one specific number. They also reiterated these details in the message they sent their customers. Now this is just one example. Scammers don't always have this kind of accurate data at their disposal. More often than not, these attacks are widespread and use generic copy-pasted messages. So here are some ways you can catch an SMS phish. Be mindful that attackers like to take advantage of regular everyday interactions, like texts from shipping companies and events happening in your local region. For instance, natural disasters are a time of chaos and panic. To recover from these events, you need money and typically lots of it to help victims and restore the area. Scammers take advantage of these moments and prey on the kindness of people by sending text messages asking for donations. So if you want to support those in need, directly contact trusted and verified organizations in your area. Next, treat unexpected messages from unknown sources as if they're potentially dangerous. Instead of interacting with suspicious texts, go directly to the source to confirm its legitimacy. Like if your bank supposedly texts you about suspicious activity, verify if you've received messages from that number before. You can also log into your bank account and check for any alerts about suspicious activity. Remember, banks often accompany such texts with a phone call. Ask yourself, did I receive a phone call as well? The key to all of this is to slow down and think things through. Don't rush to click on links or give away your information. Are there grammatical errors in the message? Are you being asked to pay something? Are there links when there don't need to be? Even if you only ask yourself one of these questions, it's a defense layer that may save you from falling victim. I know I just mentioned grammatical errors as an indicator of a phishing attack, but with the introduction of AI into the mainstream, grammar errors may become a thing of the past. So let's head to the next video and talk about how AI is contributing to the phishing landscape.