As SMS phishing (or ‘smishing’) scams continue to rise, cybercriminals constantly find new targets by impersonating others, typically in the guise of legitimate authorities. Recently, more and more people have reported receiving a mysterious message requesting money to settle an outstanding toll fee.
Such scam messages often urge people to click on links that direct them to malicious sites. By doing so, the victims risk freely giving away their personal and financial information, exposing themselves to even more severe risks, such as identity theft and fraud.
To gain insight into this latest manifestation of cyber-risk, Digital Journal caught up with Adrianus Warmenhoven, a cybersecurity expert at NordVPN.
Warmenhoven begins by drawing upon a survey that his company has recently conducted to establish the current risk profile: “A new NordVPN survey reveals that 78% of Americans have encountered a scam in the past two years — many through smishing. A quarter stated that it was a call or a message from a fake customer or technical support centre or a bank employee.”
In terms of the specific text-based threat, Warmenhoven finds: “Smishing is a growing threat that uses social engineering to manipulate human trust. Unlike phishing emails, which are often overlooked due to their suspicious links, smishing scams exploit the personal nature of text messages, making them more convincing and difficult to identify.”
Drawing on recent data, Warmenhoven establishes: “Over the past few weeks, the number of smishing texts increased significantly, and the U.S. Federal Trade Commission (FTC) warned citizens to take extra precautions to stay safe. As indicated by the FTC, scammers are pretending to be tolling agencies from coast to coast and sending texts demanding payment via a provided link, which can steal your personal and financial information.”
Connecting this back to examples of risky practices, Warmenhoven says: “Phishing scams targeting drivers are on the rise as scammers exploit the fear of unpaid fines and legal consequences. This fraud preys on urgency, pushing victims to act before verifying legitimacy.”
Offering advice to consumers, Warmenhoven states: “Legitimate toll agencies do not send unsolicited payment requests via text. Most official toll authorities communicate through postal mail or verified online accounts. If you receive a message like this, visit the toll agency’s official website directly rather than clicking any links.”
Charting the current vulnerabilities, Warmenhoven adds: “A growing number of people use smartphones for sensitive tasks like banking, so smishing scams have become more effective. Cybercriminals exploit the sense of urgency — pretending to be toll agencies and asking for urgent payment to avoid late fees — to deceive victims into clicking malicious links or disclosing personal information.”
In terms of fighting back against the cybercriminals, Warmenhoven recommends: “To avoid becoming a smishing scam victim, keep an eye out for unwanted messages, especially those asking you to follow links or provide private information. One of the safest measures is enabling threat protection features on your mobile phone, which could detect and block malicious links before they cause any harm. Data revealed that NordVPN’s Threat Protection prevented over 1.9 billion malware incidents in the US alone.”
Warmenhoven also advises people to take the following precautions:
• Be wary of unsolicited messages. Phishing scams are one of the main methods criminals use to steal personal and financial data. Messages asking you to update your data or click on a link may be phishing attempts.
• Verify the source. If you receive a suspicious SMS, avoid clicking on any links. Instead, verify the sender by contacting the organization using official contact details on their website.
• Don’t get pressured into clicking links. Cybercriminals prey on confusion and ignorance. They try to scare people, hoping that victims will act on emotion. Don’t do that. Try not to click on links that aim to scare you.
• Check for red flags. Look for signs like poor grammar, urgent language, or unfamiliar phone numbers. Phishing messages often contain these red flags to create a sense of urgency.
• Limit data exposure. Criminals can use information such as location, full name, and other personal details to commit scams and cyberattacks. Adjust your privacy settings and avoid sharing sensitive data publicly, such as on social networks.
• Use multi-factor authentication (MFA). Enable MFA on your accounts wherever possible. It adds an extra layer of security, even if a scammer gets hold of your login details.
• Keep your devices updated. Outdated software is an easy target for cyberattacks. Update your operating system, applications, and antivirus software to fix vulnerabilities and ensure better protection.
• Report suspicious messages. If you receive a phishing message, report it to your mobile provider or the relevant authority. Reporting helps prevent others from falling victim to the same scams.
Warmenhoven further advises: “If you suspect a message is fraudulent, do not reply, click links, or provide personal information. Instead, block the sender, report the scam to your mobile provider, and check your accounts for suspicious activity.”
