ALERT: A SMiShing Scam is Targeting the 607 Area

Mobile devices associated with the 607 area code are being targeted by text message-based phishing attempts, also known as SMiShing. It is important that you are able to identify these messages so that you aren’t added to the list of those fooled by them. The same also goes for your employees.

How Are Oneonta Numbers Being SMiShed?

Members of the local branches of NBT Bank and Sidney Federal Credit Union have reported that fraudulent text messages have been sent, alleging that the recipient’s debit card has been locked, or needs attention. These messages then provide a number to call to help resolve this problem, which is how those behind the phishing attack extract the information they need from their targets.

We cannot express strongly enough: do not attempt to call or text this number if you receive one of these messages, and offer no information.

These messages have thus far focused on recipients with a 607 area code and come from the following three numbers:

1-410-100-001
1-410-100-002
1-410-200-500

NBT Bank provided this screenshot of the SMiShing attempt in their fraud alert.

SFCU has also provided a message on their website to warn their members that reads: “Scam alert! Fraudulent messages have been reported concerning debit and credit cards. Do not call the number or give any of your personal information.”

What is SMiShing?

We actually covered this a few years ago, when SMiShing was really emerging as a major threat. SMiShing is the mobile version of phishing, where deceptive messages meant to fool the recipient into an attack are shared via SMS text message, rather than an email.

Keeping SMiShing Away

• Do you know who it is who sent you the message? While many of us likely don’t have our bank’s mobile notifications saved as a contact in our phone, it shouldn’t be too hard to tell if both messages came from the same source. Naturally, any links should be avoided until you’re certain that the message is legitimate.
• Check the number it came from. There are many websites out there that can give you a sense of if a number is legitimate - and as an added bonus, you might find some results that tell you if a number is a known SMiShing number. If the message contains other numbers that aren’t phone numbers, it is a sign that the sender has masked their identity… and there are only so many reasons that someone would do that.
• What is being asked for? If a text message has asked you for financial information or encourages you to respond quickly, it probably isn’t legitimate.

Protecting Oneonta Businesses Through Awareness and Training

SMiShing, and just about every kind of phishing, can be tricky to spot. We encourage that you get some practice by leveraging this online quiz, and you may want to encourage your employees to do the same.

At Directive, we’ve committed ourselves to protect our clients from online threats - and yes, that includes phishing attempts. However, because these threats work differently than many of the others we help prevent, our approach is a little different as well.

Phishing just can’t be stopped by a special hardware or software solution - the only thing that works is being able to know it when you see it. This requires education, which is where we come in.

We have the tools to evaluate how susceptible your business potentially could be to phishing. We’ll run a phishing simulation to see who takes the bait, and then we’ll work to educate those who were fooled so they won’t be if they face the real thing.

Cybercriminals are getting clever - you need to make sure your business is prepared to resist their efforts. Reach out to us today to learn more about our phishing simulations, and what else you can do to keep your business safe. Call us at 607.433.2200.