Skip to the main content.
What Size Law Firm Are You?

We've crafted solutions tailored to your firm

Insurance Glossary

The world of insurance for law firms can be confusing, and difficult to navigate. We've created this glossary because these common insurance terms should be easy to understand.

← Blog Home

There’s Something “Phishy” about Certain Text Messages

2 min read

There’s Something “Phishy” about Certain Text Messages

For the sake of your clients, I hope you, and every other person who works at your firm, know full well what phishing attacks are and at least the basics of how these email attacks can be thwarted. If not, it’s way past time for everyone to come up to speed, and I strongly encourage you to do so posthaste! Here’s why. Phishing attacks also occur in the text messaging space. This type of scam is called smishing. Think SMS phishing. Just as with email, cyber criminals are applying social engineering tactics to text messaging and it’s a serious threat.

Smishing is particularly problematic because people are more inclined to trust a text message than an email and are less aware of the security risks surrounding text messages. Basically, what happens is cyber criminals obtain phone numbers that have been exposed as a result of a data breach, or they use web crawlers to gather numbers from social media sites, or they may even just use a random number generator. Then they start sending out text messages trying to trick recipients into clicking on a link or calling a number all done in the furtherance of identity theft, to capture login credentials, or to have the recipient unwittingly download a malicious app. Making matters worse, the number the text message appears to originate from can be a spoofed phone number, meaning it appears to be coming from a reputable source when it actually isn’t.

Here are a few tips that can help prevent you and everyone else at your firm from falling prey to a smishing attack.

1) Remember smart phones are computers. They need to be protected with a security app just like all your other computers. If you don’t already have a security app running on your smart phone, get one now.

2) Don’t trust text messages that attempt to get you to reveal sensitive information, especially if the text contains a portion of your credit card or bank account number. This kind of information can be obtained as a result of data breaches and is sometimes used to try to convince recipients that the text is legitimate when it actually isn’t.

3) Always log in to any online accounts through your phone’s browser or through a company’s mobile app that has been previously installed. Never click on an unexpected link in a text to start the login process.

4) If the text appears to be coming from a reputable company, but still seems suspicious, call the company’s customer service number after looking it up on the official company website. If they confirm that it’s not from them, just delete the text.

5) Treat text messages with the same level of suspicion that should be in play with email, particularly ones that try to play with your emotions. In other words, stop and think before you click on any links or provide any information. If you let your emotions get the best of you, you risk enabling the download of a malicious app or you’ve just turned over sensitive information to someone who definitely doesn’t have your best interests at heart.

6)Don’t reply to suspicious texts even if the text itself says “text stop” to stop receiving messages. If nothing else, replies confirm that the phone number is an active number and more smishing attempts will surely follow.

7) Always be on the lookout for similar tactics in platforms like What’s App, Facebook Messenger Instagram, and the like.

8) And finally, use a VPN. VPNs can help spoof your actual location which may make it easier to spot a few text scams that rely on their appearing to be from a local number. In addition, by encrypting your data stream, even if your phone is, or eventually becomes, infected with a malicious app, the scammer may be unable to obtain anything of value because the data is encrypted.

printfriendly-pdf-button-nobg-md-Nov-01-2022-08-44-54-4335-PM

 

Since 1998, Mark Bassingthwaighte, Esq. has been a Risk Manager with ALPS, an attorney’s professional liability insurance carrier. In his tenure with the company, Mr. Bassingthwaighte has conducted over 1200 law firm risk management assessment visits, presented over 600 continuing legal education seminars throughout the United States, and written extensively on risk management, ethics, and technology. Mr. Bassingthwaighte is a member of the State Bar of Montana as well as the American Bar Association where he currently sits on the ABA Center for Professional Responsibility’s Conference Planning Committee. He received his J.D. from Drake University Law School.

Why Your Law Firm Needs Social Engineering Awareness Training

1 min read

Why Your Law Firm Needs Social Engineering Awareness Training

Some time ago I had a conversation with a few lawyers who had come close to being scammed out of several hundred thousand dollars. While I was...

Read More
The Phishing is Better than Ever

2 min read

The Phishing is Better than Ever

Remember the good old days when it was pretty easy to recognize a phishing attack? Who couldn’t determine that an email asking for verification of...

Read More
ALPS In Brief – Episode 38: Empower Your Employees to Make Smart Security Decisions

14 min read

ALPS In Brief – Episode 38: Empower Your Employees to Make Smart Security Decisions

As an organization or law firm of any size looking to build a cybersecurity plan, your first step should be training your staff — making everyone...

Read More