Florida is one of the few places in the country where we still fish over the holiday season – but when it comes to phishing, it seems scammers never take a vacation. In fact, mobile phishing techniques (known as smishing) tend to become more sophisticated during this time of year. Experts say that the number of mobile phishing messages is on track to double this year, compared to the October through December time frame in 2020.
These messages are holiday-themed and seem pretty normal – whether referring to scheduled package deliveries to special pricing deals. Because most people have made purchases online and are expecting shipments, these messages may not raise any red flags at first.
Seasonal Opportunities for Scammers
Everyone is looking for the perfect gift at this time of year, so receiving a link representing a great deal on the exact item you have been looking for might seem fortuitous – and irresistible.
On the business front, experts warn that text messages can impersonate your boss. As personal mobile devices proliferate throughout the workplace, scammers have more opportunities to take advantage of their contact lists and your holiday cheer. For instance, they may send the message, “please click this link to purchase gift cards for each of the members of our team.” Because the message looks legitimate and makes sense, there may not be any reason to question it.
Any good business tracks consumer response and acceptance – and adjusts its product or service accordingly. Scammers have been doing the same, discarding the scams that don’t work very well and amplifying those with the greatest success. A business professional’s mobile devices are often less protected and encrypted than the desktop in their cubicle, so criminals have largely shifted their focus. Studies have shown that consumers are far more likely to click through via text than email – perhaps because they have now been largely trained not to click suspicious links.
Fake Customer Service Messages
Most scammers use smishing attacks that appear to be from a reputable company the end-user does business with, whether a traditional retailer, e-commerce brand, or package delivery services. These scams are looking to hijack personal information from unsuspecting targets.
Many of these strategies indicate that credit card information is necessary to resolve an issue with your purchase or delivery. The problem is, you often have not actually made the purchase they are referring to. In other cases, a retailer you often frequent may be offering an attractive price and showing a URL. Unfortunately, that URL does not go to the retailer but to the scammer’s look-alike landing page.
Interestingly, some scammers don’t provide a link at all. Understanding that many consumers have been trained to be suspicious of clicking a link, some scammers offer a phone number instead. They may ask you to call to sort out a shipping discrepancy, and a live person answers the phone. The “customer service rep” offers to help get your purchase on the way and asks for some clarifying information. They have learned that while many people will catch on, they are a lot less likely to do so over the holidays when they have made multiple online purchases.
A successful scam would result in criminals obtaining account credentials, credit card numbers, or other sensitive personal data.
The Holiday Scam Provides Details
The scammers have often created fake receipts, invoices, and shipping notifications. A curious consumer may think they have simply forgotten a purchase and are likely to click through. This is especially true during the chaotic and busy holiday season.
To keep your personal and business information safe, check out these safety tips:
- Keep track of all your mobile purchases and check your purchase against the email or text message.
- Expect to receive suspicious text messages and stay vigilant.
- Think twice before providing your phone number to any enterprise.
- If you receive a message, don’t click the link provided. If you think it could be legitimate, go directly to the company website or call their posted customer service number to determine the integrity of the message you received.
- Repeat for any offer codes or sale offers you receive. Check their website from your browser.
- Report mobile phishing and spam to the Spam Reporting Service.
- Be diligent and aware about downloading and installing new software to your mobile device.
- Never respond to any unsolicited messages from any company you don’t recognize. Once you do, they have confirmed that you’re a “real person.
- Never install software from any place other than a certified app store from the vendor.
Overall, experts remind you of the old adage – if it seems too good to be true, it probably is. This holiday season, pay attention and stay protected.
Alliance IT provides managed services and security protection to SMBs in the Sarasota area.
