Phishing text messages can be easily identified but the trick is to know what you’re looking for when (not if) you receive one. Like anything regarding cyber-security, there is no 1-size-fits-all way of stopping them, so in this article, we'll provide you with a few tips on how you can be a better human firewall and start identifying text message phishing attacks more easily. Before we do though, let's quickly summarize what a phishing attack is, for those of you who may not know.

What is a Phishing Attack?

Phishing attacks are a type of cyber-attack designed to convince a user that urgent action is needed. They often come in the form of emails and can be picked up by spam filters or email rules, but occasionally, one may slip through the cracks. That’s where identifying phishing emails and becoming a human firewall can be your best defense. As phishing attacks become more complex and deceiving, people are starting to learn best practices for identifying them. Users are learning to think before they click, hover over links or attachments to see where they are really being directed to, and double-check the senders' email address when something appears to have come from a colleague or co-worker. Due to this increase in common knowledge, hackers have had to find new ways around spam filters, email rules, and human firewalls, and they’re using text messages to do it.

3 Ways to Identify a Phishing Text Message

Have you ever received a text or iMessage from a random number or email with an unexplained or unexpected link? Maybe you’ve received a text from someone stating that a loved one has been injured or arrested, and you need to send this person who you don’t have in your contacts money right away to get them out of trouble? These types of messages are scary, and they invoke some urgent action from the person who is receiving the message before it’s too late. These are phishing text messages, and they are becoming more and more common with each passing day. Here are 3 tips and questions to ask to quickly identify them:
  1. Who did it come from?

Not in your contacts? That is an immediate red flag when it comes to phishing attacks. Something as simple as just seeing a number or email address (Apple ID) that is not in your contacts list can be the easiest way to identify a phishing text message. Text messages from people you know don’t come from numbers that you don’t have saved. If the person on the other end of the message is a person you know, make sure they identify themselves and you’re able to verify that it’s really them. If they don’t give you their name and an explanation as to why you may not have that number saved, send them a message on another forum to verify. Sending a confirmation message to them on applications such as Facebook Messenger, Twitter, or any other social media outlet you may have them listed on can be an easy way to make sure you’re really talking to the person you think.
  1. What did the message say?

Be wary if the message has some "call to action" in it, such as tapping/clicking a link, visiting a page, or sending any personal information. Again, a person who isn't in your contacts list asking you to do ANYTHING outside of updating their contact information because they got a new phone or number isn't someone to be trusted. Phishing text messages will always have some call to action, so just like you would for an email phishing attack, stop and think before you tap or reply.
  1. Does the message make sense?

Many phishing text message attacks start by simply wanting to get the readers' attention. If you receive a message that looks like someone typed it from within their pocket without even looking, it's probably a phish. Just sending random letters, a single word such as "hi," or sending statements/questions that are misspelled or not grammatically correct can be signs of an attempted phishing text message. Bots often send these messages at first to get your attention in the form of a reply. Once you reply to the message, the attacker knows that your number is active, and they've got you on the hook to try to reel you in by giving them what they're wanting.

How can I stop phishing text messages altogether?

Back in the days when telemarketers were one of the only ways attackers could scam people there were “no-call lists” and ways to take your phone numbers out of phone books to make them harder to find. With phishing text messages, unfortunately, there isn’t a “no-call list” that you can put yourself on or a sure-fire way to hide your phone number. Since online shopping, email, banking, and everything else that comes with the internet has exploded in popularity, people’s information is everywhere, and it’s constantly being sold. Even with privacy laws in place, attackers are still going to find ways to get your phone number somewhere in the dark depths of the internet.While there may not be a way to stop phishing text messages altogether, there are several ways to keep the annoyance and risk to a minimum. Here are a few options from Free to Paid:
  1. Free: Your smartphone’s settings

Modern smartphones (iPhone and Android) often have settings that can filter messages from unknown senders and mute the notifications from them. These settings, while they don’t stop the messages from being received, are sent to a “spam” or “junk” type text message folder within your default text message application, and they can be sorted through and deleted at any time.
  1. Free or Paid: Your Provider

Cell phone service providers such as AT&T, Verizon, T-Mobile, and more are also now offering packages that do a much better job at catching phishing text messages. These services are often an add-on option to your current plan but can sometimes be bundled into your existing cost depending on your current contract. The services also vary in effectiveness and can be slightly more difficult to control from a settings standpoint in comparison to the settings on your smartphone. You should talk to your cell phone provider for more details if this is an option that interests you.
  1. Free or Paid*: Apps on your smartphone

There are now several different apps you can download for free or purchase subscriptions for on your smartphone that will do an effective job when it comes to blocking and filtering phishing text messages. Apps such as RoboKiller, offer a paid annual service that will scan for and block spam phone calls as well as filter and block unwanted messages. Other apps like TextKiller and HiYa offer free services with limited features with the option to subscribe from within the app should your need to block incoming calls and texts require those advanced settings.Summit Hosting does more than just keep your server always on and always secure when it comes to security. We believe that cybersecurity is a team effort, and user education about various cyberattacks is only the beginning. To learn more about how Summit Hosting keeps your business secure in the cloud, check out our Summit Secure Workspace page, or contact us today and speak to one of our cloud hosting specialists.

Faisl Taher

This blogpost is Written by Faisl Taher. Faisl is a Marketing Manager at Summit. Faisl holds an MBA in Marketing Strategy. He's passionate about data analysis, consumer behavior, and marketing technology. Faisl is a lifelong learner who regularly keeps himself updated with the latest technologies and industry advancements. In his free time, he explores NYC's coffee scene and stays active through running.

Faisl Taher