The Information Security Office has become aware of an increase in spam SMS also known as “smishing” being sent to the UCR community. When cybercriminals "phish," they are sending fraudulent emails that aim to trick the recipient into opening a malware attachment or clicking on a malicious link, and they “smish” when they try to engage potential victims in the same way via text messages.
This recent campaign, Impersonation of Kim Wilcox targeting – staff and faculty especially middle and upper level management was very active in November, 2022.
Some helpful ways to protect yourself from these smishing attacks include:
- Read messages carefully. Oftentimes spam and phishing messages will have weird spacing, incorrect spelling, poor grammar, asking for personal information or requesting you perform some sort of action like logging into a website that looks legitimate but is not.
- Never click a link from a number you are unsure about. Verify information from the sender via a known safe method of communication.
- Do not respond to smishing messages instead Report spam texts to your wireless carrier forward all spam text messages to 7726. (Note: not all carriers offer this)
- SMS is not a secure way of sharing personal information so be wary of anyone requesting this information via SMS. A legitimate business will never request information from you via text messages, unless you have “opted-in” to text messages with them, and then it’s usually just to send you information or ask for verification of services.
- If you haven’t yet done so, get antivirus for your phone and other handheld devices. Keep the software on them up-to-date.
- Remove any apps from your devices that you don’t use.