Cybercriminals are always trying new methods of obtaining private financial information from unsuspecting individuals.
Common methods include employing tactics like emailing strangers and …
This item is available in full to subscribers.
Please log in to continue |
Cybercriminals are always trying new methods of obtaining private financial information from unsuspecting individuals.
Common methods include employing tactics like emailing strangers and convincing them to either share personal information or take an action that compromises their systems and devices. Known as "phishing," these cybercrime attempts can also come by way of short message service (SMS) or text messaging, and when they do, it's called "smishing."
Scammers use smishing to prompt victims to click on internet links or send classified or personal information through texts and other messaging apps, making individuals vulnerable to identity theft and even extortion. However, understanding their methods can help you protect yourself. Here's what to know:
Attacks Are Getting More Sophisticated
Cybercriminals often use a tactic called spoofing, where they impersonate a known sender or transmit messages from a legitimate number. Even if you know the sender, it's still important to verify the message's legitimacy before responding, opening an attachment, or clicking on a link that could potentially compromise your device.
Cybercriminals also share stolen credentials and personal information more readily now and work in gangs, ultimately amplifying the threat. Through social engineering of your publicly available information — often gleaned from social media — and private data procured illicitly, scammers are able to craft text messages specifically designed to lower your defenses. This means, communication may look like it's being sent from a known person or number, possibly making reference to shared knowledge. Fraudsters may apply a sense of urgency or other scare tactic that prompts you to react quickly instead of taking the time to scrutinize a request.
Additionally, the ever-growing capabilities of generative artificial intelligence (AI) tools have made it easier for scammers to develop smishing attempts that closely mirror conversation, making it simpler and more affordable to distribute cyberattacks successfully to a large audience.
"Whereas previous smishing and phishing messages often didn't make sense, as generative AI advances, these messages contain fewer grammatical or spelling mistakes. As a result, users are less able to distinguish them from legitimate communications," said Raina Kanakis, a security specialist with PNC's Global Security Fusion Center.
Simple Precautions Can Mitigate Risk
Vigilance is key, especially as attacks become more sophisticated. One way to verify senders' identities is by cross-checking short codes — the five- or six-digit number used by companies to deliver text messages to your phone. Each of these unique codes is used for certain purposes — to transmit card activity alerts, for instance.
Many companies, such as PNC Bank, have established resources to enable customers to verify the legitimacy of text messages appearing to come from them. By referencing PNC's Short Codes page for example, you can verify whether a text message originated from a legitimate short code, helping you detect and avoid possible impersonation fraud.
Use these additional strategies to help thwart smishing attempts: