October has been designated Cybersecurity Awareness Month by the U.S. Small Business Administration. Trilogy Innovations, Inc., supports this effort by offering helpful practices to stay safe.
One of the latest phishing methods is to send text messages posing as a boss or co-worker asking you for a favor. How can you be sure what messages to trust? Jonathan Beaver, Senior Software Engineer at Trilogy, says you can use the list of contacts in your mobile devices to help protect you against text phishing.
Most people are familiar with phishing via email, but just as the way we communicate with each other evolves, so does the way hackers and phishers try to obtain information or money from unsuspecting people. One of the latest phishing methods is to send text messages posing as a boss or co-worker asking you for a favor.
Many times, the initial text does not ask for anything specific, but asks you to text back because the individual needs a favor. It can be something as simple as,
“Hey <Your First Name>, it's <your CEO's name>. Can you text me back? I need a favor from you.”
The phone number associated with this phishing message is even typically in the area code of where your company resides, so it can appear legitimate. Once you respond, things can start down a path that can lead to financial loss or worse. Unlike some of the tactics used to help fight email phishing, like putting EXTERNAL in the subject line or having a spam filter block the email from ever arriving, SMS/text messaging tends to be a bit more open with fewer controls.
How can you protect yourself?
Use the contact book built into your cell phone to register each of your known contacts with their phone number, name, and other relevant information. General contact information takes up relatively no space on the phone and it is rare to hit the contact limit, which is in the tens of thousands. Take a few minutes to add the names and numbers of the important people in your company, and if you ever get a text again claiming to be from your co-worker or even CEO, you can tell if it is really them because it will come up as their contact information. Otherwise, it will just be a phone number you do not have registered.
What if a person changed their phone number or are using another person's phone? What if there is an emergency?
Those questions are easily answered by asking yourself a few simple questions. How often you have changed your cell phone number and not told your contacts? In an emergency, would you text or call?