In this week’s scam, you receive an unexpected text message that makes it appear that someone is trying to log in to your email or social media account. The message contains a multi-factor authentication (MFA) code and what appears to be a customer support number for you to call if you did not request the code. These types of codes are usually only sent to you when you are logging in to an account. If you receive one unexpectedly, it might make you think an unauthorized person is trying to access your account.
The message may seem legitimate, but this is actually a text message phishing attack (smishing). It was sent by a cybercriminal, and the phone number provided in the text message won’t actually connect you with a customer support team. If you call the number, your call will be answered by a cybercriminal. They will request that you provide them with your user credentials or other personal information so that they can steal your account.
Follow these tips to avoid falling victim to a smishing scam:
Be suspicious of unexpected text messages, especially if they seem urgent.
Be wary of messages from strange phone numbers you don’t recognise. If you need to contact customer support for one of your accounts or services, always use the contact information listed on their official website.
Remember that scammers often use alarming language to try to trick you into acting impulsively. Always stop and think before you click.
A vigilant workforce is the most effective defense against these attacks. Reach out to access training and simulations that empower your team to recognize and respond to attacks like this one.
