Do’s And Don’ts For Securing Yourself Against Smishing

The Do’s

  • Icon

    Verify if from a known person or company

    In case the suspicious message is from a friend or relative, or seemingly from your own company, contact the person whom you know through a phone call to clarify whether they are the ones who have sent the text.

  • Icon

    Always set up two-factor authentication

    Set-up two-factor authentication for your net banking account, social media accounts, and email accounts. In this method, after you enter the password and login ID in a website, you’re also asked to verify your identity through an OTP sent to your phone.

  • Icon

    Change your passwords every 90 days

    It is a good practice to use passwords that are difficult to guess. Good passwords are long, i.e. between 10-15 characters and will include:

    – Capital letters and small case letters
    – Numbers
    – Symbols, like @,#,$,%,&

  • Icon

    Remove your personal information from social media

    Remove information about your address, phone number, or any other personal detail from your social media accounts

  • Icon

    Register your phone number on the National Do Not Call Registry. The National Do Not Call Registry will block most incoming spam calls and messages on your phone. Send an SMS that says “START0” to the number 1909.

Don’ts

  • Icon

    If a link sent on a message looks suspicious, hover on the link without clicking on it to reveal the actual website link. On a mobile phone, you can long-press on a link to view the website address. Do not click on the link if the link has a spelling error, appears to have a duplicate name, or is suspicious in any way.

  • Icon

    Never click on links that begin with an HTTP:// address.

    Only place trust in websites that start with an HTTPS://; the ‘s’ in HTTPS:// stands for ‘secure’

  • Icon

    Never respond to smishing messages

    Or click on the links provided in the message. Immediately delete the message once it looks to be spam

In the next chapter, you can learn about what you should do if a smishing attack has compromised your information

Next chapter