One of the issues I have seen become more prevalent is smishing attacks. For those of you not in the know, smishing is just phishing for text messages. I have fought off countless questions of “how did they get my number” and “how did they know I work here?” Ultimately, it is because of your personal digital hygiene. Here are a few tips to keep the bad guys at bay.
Stay Private
When you are setting up your social media or doing a review of it, make sure that you are limiting what the general public can see. Personal information such as your address, phone number, email, and even your pictures will help keep smishing, phishing, and all the other ishing attacks to a minimum. This includes and is especially true for LinkedIn. Don’t let the public have your private information! It has always been relatively easy to scrape information on the internet, but it is child’s play with the explosion of AI!
Protect Yourself and Your Littles
Step 1 was to limit what the general public can see. Great job! Step 2 is to refine the permissions of what your internet friends can see. Bad actors will spend years grooming or just befriending people who they feel might give them a big payout. You have more sensitive information about your company than you probably realize and, while rare, it isn’t unheard of for competitors to try and social engineer that information out of you. More concerning on a personal level, some real sick people will use photos of your kids or potentially worse. Only let your closest friends and family see your photos of your little ones.
Account Reviews
Without looking, do you know how many 3rd party apps or websites have access to your social media? I would be willing to bet that most of us use or have used our social media platforms for single sign on (SSO). When you do that, the 3rd party app typically requests certain information. Your personal contact information is often included in that. Reviewing what apps and websites have access to your social media and data is an important step to making sure you aren’t unnecessarily leaking your data. I would recommend doing this at least once a year and disconnecting any platforms you don’t use anymore and shutting those accounts down. Data breaches happen every day and minimizing who has your data will certainly protect you.
Trust, but Verify
This world is getting crazier than ever. Part of the challenge is that it is getting harder and harder to trust your own eyes and ears. Deep fakes are growing in attacks and a video or even a phone call that sounds like a loved one may not be that person. If something feels off, trust your gut and verify the person is who they say they are. Texting or calling a known good number or validating the information with someone who should know the circumstances of the person reaching out. This isn’t incredibly common, but it is in the wild. I personally know someone whose parents were almost a victim to this.
Following the steps I outlined above won’t guarantee that you won’t ever be smished or phished but it will help you mitigate that risk. Think about what information you are sharing and if it is necessary. Limit what the general public can see, review who has access to your data on a regular basis, and verify anything that feels off. These are the easiest ways to keep you and your family safe and to prevent those phishing and smishing attacks from getting to you in the first place. I hope you all have a fantastic day, be safe, and stay vigilant!
