June 22, 2023

Vanderbilt Enterprise Cybersecurity warns employees about malicious text messages, aka “SMSishing”

Vanderbilt Enterprise Cybersecurity would like to warn its users about SMSishing.  Malicious actors are now finding new ways to compromise a business or individuals other than phishing. The term “SMSishing” comes from a combination of the words SMS (text message) and phishing.

SMSsishing happens when an attacker uses fraudulent text messages to try and impersonate reputable companies. Just as with phishing emails, the goal is to trick users into giving personal information or sensitive information about their business.

How to spot SMSishing:

  1. The texter claims to be from a reputable source, CEO, your boss, Law Enforcement, Social Security Administration, IRS, etc.
  2. The texter will ask you for information like a credit card, bank account number, or social security number. They might even have some of this information to make them look like more of a reputable source
  3. There is a sense of urgency, and they will threaten you with locking your account or even warrants for your arrest. They might even use threatening or vulgar language to try and intimidate you.

If you believe you have recently been a victim of SMSishing, please reach out to the organization that owns the information you have given out. This means that if you think you have given your bank info, reach out to the bank to let them know the situation. It is recommended that you change account numbers. An extra preventative step would be to freeze your credit reports so no one can open new credit lines with your information. VUMC Enterprise Cybersecurity recommends sending details to phishing@vumc.org if you believe that someone is reaching out to you to gain information about VUMC and is not who they say they are.