Don't Take the Bait: Reel in Smishing Scams and Phone Number Spoofing
Getting spam text messages is a common problem nowadays, and one of the techniques spammers use is phone number spoofing. This is when a number is disguised as another number, usually a reputable entity such as government agencies, banks, or people, like a company's CEO. They often impersonate to lend an air of legitimacy to their scams.
Text message or SMS phishing, also known as "smishing," refers to the deceptive practice of using text messages to entice individuals into divulging their personal or financial information. Smishing messages typically request sensitive details from recipients or ask for payment in the forms of cash, gift cards or cryptocurrency.
But there are ways to protect yourself. In this post, we'll share simple methods to prevent phone number spoofing and what to do if you receive a spoofed text or call.
How to Avoid Having Your Number Spoofed:
Be Cautious with your Phone Number:
Avoid sharing it unnecessarily, especially online or on public facing websites like LinkedIn or Facebook.
Never entering your phone number into random locations like giveaways, both online and offline.
If you do need to use your number online, read terms and condition to understand how your information is used on the website.
If possible, untick any consent boxes asking to store or share your personal data.
Use Multi-Factor Authentication (MFA):
MFA can serve as an early warning system if someone tries to spoof your phone number. Since you receive the verification code or authentication prompt directly, you will be alerted to any unauthorized login attempts or suspicious activities. This allows you to take immediate action, such as changing passwords or contacting the service provider to secure your account.
If using SMS as MFA, because a unique verification code is sent when you log in scammers won't receive the verification code, preventing unauthorized access to your accounts
Instead of relying solely on SMS, consider using app-based authentication methods like authenticator apps or security keys. These methods generate time-based verification codes that are not dependent on SMS messages.
Report the Spoof:
Spoofing is only illegal if done with malicious intent, so the act of spoofing itself isn't a banned practice. However, you can report spoofing to the FCC: Submit a Request - FCC Complaints | fcc.gov
What to Do if You Get a Smishing Message:
Verify and Don't Reply:
Do not reply to any of the message, even to ask the sender to stop contacting you.
Do not click on any links in the messages as they may have malware or viruses attached to them that can steal personal or financial information stored on the device.
If the message is spoofing a person, verify the legitimacy through another means such as email or in-person.
If the message is spoofing a company, call the company directly.
Block and Report:
Use your phone's built-in options to report and block spam numbers.
You can contact the bank, government agency, or company that the scam artist is impersonating so it can alert others and work with law enforcement to investigate the activity. Government agencies, banks, and other legitimate companies will never ask for personal or financial information through phone calls or text messages.
You can report spoofing directly to the FCC: Submit a Request - FCC Complaints | fcc.gov
By following these simple steps, you can effectively prevent phone number spoofing for spam text messages. Protecting yourself against spam texts will help ensure a hassle-free smartphone experience.
Interested in learning how TIC can keep your company safe? Contact us by clicking here.