Information Security Advisory

ITS Security Office – BGSU 1/24/2013

Smishing (phishing via SMS text message)

Systems Affected

All BGSU mobile device users

Overview

Smishing is a form of SMS spam in which unsolicited text messages are sent with the intent of obtaining from the recipient sensitive, personal and/or financial information via a web link, fraudulent web site or telephone number. The most common forms of smishing are when the messages pose as a customer’s financial institution or other business that might have access to sensitive personal information. The messages will also often say that you have won a prize and to click on the link to collect or for more information.

About 30 million smishing messages are sent to cell phone users across North America, Europe, and the U.K every day. In the U.S. there has been an almost 400 percent increase in unique SMS spam campaigns in the first half of 2012.

Recommendations

• If you receive one of these messages, DO NOT CLICK ON ANY INCLUDED LINKS!
• Never give out sensitive information via text
• Forward smishing texts to 7726 and your cell provider will mark them as abuse
• If you think that you have been the victim of a smishing attack, file a complaint with the Federal Trade Commission at ftc.gov or call 1-877-HELP (4357)
• BGSU will never ask you for personal information via text message

DISCLAIMER: Information Security Advisories and related resources provide technical and administrative advice to protect sensitive information on the University network and to help BGSU comply with regulations pertaining to information security. Failure to comply with these advisories may directly or indirectly increase the risk of exposure or compromise of sensitive University information. These advisories and resources do not provide legal advice – contact the BGSU Office of General Counsel or other appropriate legal advisor for interpretations of regulations.