Security Tip of the Week – New Smishing Scam Borrows Your Phone

In a new smishing (SMS Phishing) attack aimed at Android users, cybercriminals send a text message that claims you have a delivery that needs to be paid for. If you tap on the link provided in the text, you are taken to a page that asks you to update your Google Chrome app. If you tap the Install Now button on the page, a download begins and you are redirected to a payment screen. On this screen, you are asked to pay a small fee so that your package can be delivered. If you provide any payment information on this page, it is sent directly to the bad guys. 

Unfortunately, this scam gets worse. If you tapped the Install Now button mentioned above, you actually downloaded malware that uses the icon and name of Google Chrome to disguise itself. This “app” then uses your mobile number to send thousands of smishing texts to random, unsuspecting victims. 

Don’t become a part of their scam! Follow the tips below to stay safe from attacks like this:

• Only download and update apps through your device’s official app store.
• Though this attack targets Android users, this technique could be used on any kind of mobile device, so always be suspicious of unexpected text messages. 
• If you are expecting a package, stay up-to-date on your order by visiting the retailer’s official website and not by tapping a link in a text message.

Stop, Look, and Think. Don’t be fooled.

KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.

DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.