BSU

Security_Smart_Summer2020_Bridgewater

Issue link: http://bsuit.uberflip.com/i/1276325

Contents of this Issue

Navigation

Page 0 of 3

SAFEGUARDING YOUR SECURITY AND PRIVACY AT WORK AND AT HOME NEWSLETTER SUMMER 2020 SUMMER 2020 SECURITY SMART 1 For more information on staying safe online here at BSU or at home, contact security@bridgew.edu. What You Need to Know About "Smishing" Scams D ON'T LET THE cute-sounding name fool you: Smishing is when cybercriminals use text mes- sages to lure victims. (The word is a portmanteau of "phishing," in which vic- tims are lured via email, and "SMS," the protocol used by most phone text mes- saging services.) Smishers have found that people are more likely to open a potentially suspicious text message than email message, and that personal de- vices generally lack the type of security available on corporate PCs. Here's how to recognize—and avoid— three types of scams popular with smishers: 1 They try to trick you into reveal- ing account login credentials. Smishers may try to convince you to give up a username/password combo or other con- fidential info that they can use to log into an online account—paradoxically, by play- ing on your fears of being hacked. They'll send a text claiming to be from your bank, warning you about a large transfer, for example, and giving you a link to click on to block this potentially unauthor- ized access. In reality, the link sends you to a spoofed website that looks like your bank's and asks for your username and password, and the phone number connects you to the scam artists. Once they're armed with your credentials, they can log into your bank account. Legitimate messages should contain information proving that the bank already knows who you are, such as the last few digits of your credit card or bank account number. Be suspicious of vague referenc- es to "your account" without any details. If a message looks dodgy, log into your account via your browser or app without following any link sent to you in a text. 2 They try to get you to download malware. This is similar to one of the primary goals of phishing, adapted for mobile users and mobile technology. In one recent incident, a smishing scam in the Czech Republic convinced users to download an app purporting to be from that nation's postal service; in reality, it was a malicious program that could har- vest credit card info entered into other apps on the phone. In general, these kinds of attacks are rarer via text than email because smart- phones make it relatively difficult to install apps; iPhones and many Android phones only allow signed and verified apps from app stores to operate. To be on the safe side, be extremely suspi- cious of any attempt to get you to install an app via text message. 3 They ask you to send money. This is more the domain of the con artist than the tech wizard, but it's still a real concern. Smishers will do some work to get you to trust them; in one attack, a woman in Tennessee received texts she thought were from personal friends (the names had probably been harvested from Facebook) telling her about a govern- ment grant she qualified for. In reality, this was a classic "advance fee" scam. The victim was told she had to pay a few hundred dollars up front for "taxes" to get the money. Keep in mind that offers that seem too good to be true usually are. SI Photography/Tonivaver/Jane Kelly/Getty Images How to report unwanted texts: • In your messaging app, look for the option to report junk or spam. » Report spam or junk in the Messages app » Report spam on an Android phone • Copy the message and forward it to 7726 (or SPAM). • Report it to the Federal Trade Commission at ftc.gov/complaint.

Articles in this issue

Links on this page

Archives of this issue

view archives of BSU - Security_Smart_Summer2020_Bridgewater