Unwanted texts can be annoying, but they can also be a doorway for hackers into your systems. If you or your employees fall for text scams, they could potentially create havoc for you or your business.
A new text message scam has been doing the rounds that tries to trick people into entering their card details by saying they have a package to claim.
The Flubot SMS scam, affecting all mobile networks, prompts users to install a tracking app which is actually a malicious piece of spyware.
This is an example of ‘Smishing’ – phishing that occurs over SMS. It can seem convincing, so here are some common warning signs to look out for:
1. It contains a link
Scam text messages won’t always contain a link, but those that do may direct you to download malware or enter your card details or personal information.
It can be tricky to identify a text scam by the link itself. Legitimate businesses will often use a URL shortener in their text messages, look for shortening service name in the URL itself, such as bit.ly or tinyurl. However, this is not always the case so if it looks suspicious, or you’re not expecting the text, don’t click it.
2. The message is unrelated to you
One way to identify a text scam is that the message pops up unexpectedly or is unrelated to any activity you’ve had with the business (or person). Typical scam text messages will say you’ve won a competition, owe a fee, or state there is a delivery issue with a package.
3. Poor spelling and grammar
This may not always be the case, but more obvious indications of a text scam are cut-off sentences, dodgy spelling and improper grammar. Legitimate text messages from a business tend to use proper punctuation and will likely be free of misspellings and grammatical errors.
4. Phone number or email
Be sure to check the phone number the text has come from, by doing a quick search online to verify it matches the company or sender.
If the phone number is much longer than your average 11-digit phone number, or a lengthy email address (for imessage) it may be a text scam. Businesses sometimes use shortened phone numbers called short codes to send package delivery updates to customers – Amazon is a good example.
If you do receive a suspicious text message:
- Do not click the link in the message, and do not install any apps if prompted.
- Alert you employer and forward the message to 7726, a free spam-reporting service provided by phone operators.
- Delete the message.
How to avoid scam texts
Unlike your email inbox, incoming text messages are not subjected to traditional spam filters and authentication systems. Without this initial line of defence, malicious text messages can easily slip into your phone. But, there are a few things you can do to minimise the risk of falling victim to one:
Have a clear policy for BYOD
Whether your staff have company phones or are allowed to use their own smartphones for work, have a Bring Your Own Device (BYOD) policy in place that sets clear expectations and guidelines around everything from app usage to cyber threat detection.
This makes sure your employees will have better knowledge of these kinds of scams and what to do if they fall victim to one. Make sure your team understands how to report threats and receive advice on suspicious messages, as cyber criminals rely on human error to succeed.
Filter out spammers
Samsung phones have a handy setting to switch on, which disables all potential spam messages from the Messages app.
Instruct your employees to tap the three-dot icon in the upper right of the app and select Settings > Spam protection and turn on the Enable spam protection switch. Your phone will now alert you if an incoming message is suspected of being spam.
Mobile Device Management solution
A strong Mobile Device Management solution will protect your devices and prevent these threats from going any further than a text message.
Built into Samsung’s smartphones and tablets, Samsung Knox provides defence-grade security that protects your devices from the moment you power up.
The most sensitive data on your devices is secured by Knox, including your biometrics, passwords, personal data and other credentials. It defends your devices against intrusion, malware and malicious threats.
Even if an employee clicks on a malicious link in a text message, the attacker won’t be able to gain access to sensitive information.
Limit access to data
It’s likely that your employees do not need access to ALL of your company information – only the things that enable them to do their job. So, you can restrict what they can access, as part of your Mobile Device Management solution. By doing so, you are reducing the risk of a data leak in case one of your employees becomes a victim of a text scam.
Scan for viruses
With Samsung business phones, you can take advantage of Smart Manager, which automatically scans regularly for malicious software and provides an anti-malware solution. You can also run a scan at any time by going to your Smart Manager app > Security > Scan Now, which is useful if you want to be sure nothing nasty has found its way onto your phone.
Keep data backed up
In the event that something manages to slip past your defences you need to have a process in place for restoring your data. A reliable backup system can carry out regular or automatic backups so that you never lose any important data.
A service like Samsung Cloud allows you to backup, sync and restore content stored on your device. If you replace your phone, you won’t lose any of your data because you can copy it across using Samsung Cloud.
Text message scams are not new, but it’s important to remember they are not going to disappear any time soon. Businesses should include SMS scams as a priority in their cybersecurity policies and training. Especially when there are scams like Flubot on the rise, we are advising our customers to be vigilant with this type of attack and to always be very careful about clicking on any links received in an SMS.
For more information, contact our experts