Smishing (text message phishing) continues to grow in popularity. Smishing attacks can be difficult to catch, especially because both legitimate and phishy text messages tend to use shortened URLs. A URL is the web address of a page. Typically, the URL shows you where a link will take you.
Because text messages have character limits, including a full URL is not practical. Instead, URL shortening programs are used to create a redirect link. There is no way for you to know where that shortened URL will send you. Cybercriminals often use this technique to redirect you to a malicious website or to a download page for malware. Don’t be fooled!
Follow these tips to spot a potential Smishing attack:
Think before you click. Were you expecting this message? When did you give this company your phone number? Did you sign up for text notifications?
Be cautious of a sense of urgency. The bad guys often use words like “urgent” or “ATTENTION” to try and trick you into impulsively clicking a malicious link.