Are you like most of us, volleying between email messages on your computer and text messages on your phone? With notifications popping up across your various devices, it’s easy to let your guard down when it comes to cybersecurity.

Cyberattacks can occur via any device that connects to the internet, including your cell phone. People tend to look twice when a suspicious email hits their inbox, but not everyone is as careful of the texts they receive. Still, mobile attacks are common and lots of people fall victim to these “smishing” attempts.

What is smishing?

Phishing is when hackers use fake emails and fraudulent websites to steal your data. Smishing has the same end goal -- stealing your data. But the hackers use text messaging to deceive you and get your personal data.

The cyber-criminal sends a text message to get your personal information or access your device. These texts might ask you to click a link or reply with personal information. And they can be quite convincing!

A hacker might impersonate an organization you are familiar with or pretend to be someone you know. Their messages are designed to trick you into trusting them. Sometimes the hacker will use your name or even verify your address to convince you they are legit. But they aren’t.

Smishers are often looking for any data that can help them commit other crimes, especially identity and financial theft. They are crafty about trying to steal things like:

• Log-in credentials
• Social security numbers, driver’s license information, or other personal information they’d need to steal an identity
• Banking or financial information

A smishing attack can also be designed to get access to your device. A link may lead you to download malware that then could give a smisher access to send your personal data to their server.

Whether they want you to directly share info with them or download malware, the result is the same: the hackers want to impersonate the “digital you.”

Smishing scams lead to identity and financial theft.

A lot of cybercrime begins with identity theft. If a hacker infiltrates your device or data, they’ll often have what they need to pretend to be you online.

There’s been a steady increase in cybercrimes as reported by the FBI’s 2021 Internet Crime Report. The number of complaints has more than doubled in the last five years, from 301,580 in 2017 to 847,376 in 2021. They estimate that these complaints total $6.9 billion in losses for 2021.

Money is the usual motivator. Stealing your funds, opening fraudulent accounts, and extortion are all possible motives for these crimes.

The chances of you being the target of a smishing scam appears to be increasing each year. You’ll need to increase your vigilance and cybersecurity to protect your personal data. If you’re a parent, you probably have some of your kid’s information stored on your phone or in cloud storage. You’re responsible for protecting your young one’s identity as well as yours.

Besides teaching your kids about smishing, here are some things to think about as you ponder when to give your kids a phone.

Why are text messages used to steal data?

There are advantages to using text to get access to personal data.

• Lack of authentication. SMS text senders do not need to verify anything beyond a phone number. They don’t need to know your email, address or even your name. As long as they have that phone number, they can send a text to trick you.
• Billions of texts go out every day. 6 billion, in fact. And each week 97 percent of American adults will text, according to U.S. texting stats gathered by TheLocalProject. With the vast majority of people used to getting and responding to texts, it’s easy for a cybercriminal to sneak in a smishing attempt.
• Most texts are opened. What’s really surprising is that 99 percent of those 6 billion daily text messages are opened, as reported by TheLocalProject. With such a high open rate, it’s easy to see why text would be an attractive tool for a hacker.
• Texts give access to location. Your phone can give smishers your location, which can aid them in making the text seem more legit. If a smisher pretends to be your bank and sends you a fraudulent text asking if you made a purchase at the coffee shop you’re currently at, you might be inclined to respond by clicking a link or divulging the information they request.
• We respond to texts almost automatically. TheLocalProject’s data also showed that most people read a text within 3 minutes and respond to it within 90 seconds of reading it. That’s FAST! So fast you may not read closely or question the text’s legitimacy.

7 ways to prevent getting caught in a smishing scam           

Smishing scams can lead to financial ruin and/or damage your reputation. They are also a big mess to clean up. It’s much easier to prevent becoming a smishing victim than it is to deal with the aftermath.

Here are 7 easy tips to help prevent smishing attacks.

1. Ignore texts that seem “off.” If the text is a link and nothing else, don’t click. Delete the message or mark it as spam. If the message is from a business you associate with, call them to verify they are actually contacting you.
2. Don’t open text alerts you didn’t sign up for. If you’re getting a message from a company you did not sign up for, ignore that text. And be careful! Sometimes smishers use “click here to unsubscribe” to get your data or gain access to your phone, too.
3. Block unwanted text senders. There’s nothing wrong with a long block list. Mark unwanted messages as spam or block them so they stop coming through.
4. Minimize your text alerts to essential messages. When you’re busy or distracted, it’s easy to fall victim to a smishing attempt. Only permit essential text messages to come through in real time. Save the rest to look at when you have time to focus.
5. Don’t click on links in text messages unless you’re sure it's safe. Before clicking, you should know who the sender is and the purpose of the link. If you have to click to learn more – don’t.
6. Use a virtual private network (VPN). A good VPN will help protect you against location-based smishers by keeping your location hidden.
7. Use a two-factor authentication (2FA) app. With two-factor authentication, even if you accidently click a link, a hacker will still need to pass a second authentication factor to access your data.

How Blink by Chubb Can Help

In our fast-paced, digital world, even the most vigilant person can fall for a smishing attack. For additional peace of mind, our cyber protection insurance is there to help you get your digital life back on track should a smisher sneak past your guard. Learn more and get your free quote today.