Cybersecurity Issue: Smishing Attacks
Friday, January 19, 2018 9:00 AM

“Smishing” (SMS phishing) is a text messaging scam that continues to become more prevalent. Smishing is similar to email “phishing” scams and the bottom line is identity theft.

A smishing attack uses a text message to deceive an unsuspecting target into providing valuable information, such as an account number, card number, CVV number, card expiration date, password/pin, Social Security number and other personally identifiable information. Once obtained, scammers use the information to generate, among other things, counterfeit ATM cards. Attackers may then generate a fictitious card and begin conducting fraudulent cash withdrawals, sometimes in as little as an hour. Credit unions can help fight this growing threat in the following ways:

  • Educate your members about the potential threats related to this type of activity.
  • Ensure card processing and fraud rule configurations are made to help reduce the likelihood counterfeit cards can be used.
  • Work with law enforcement when the scam is actively occurring with your members.
  • Ensure your cybersecurity incident response program, procedures and processes are up-to-date. More information on smishing and cybersecurity can be found on the Federal Financial Institutions Examination Council’s (FFIEC) website.

Source: Texas Credit Union Department