Imagine this: you get this text from the College President himself, asking for a favor. Of course you’re going to help, right? Wrong.

While we’d all probably like to think we’d get personal messages like this from administrators or our bosses, most of us probably won’t. Especially this one. It is - as you’ve probably guessed - a fake, and it’s part of a new trendy scam called spear phishing.

What is Spear Phishing?

Spear phishing describes phishing attacks that target specific people or organizations, like FSCJ in this case. The example above is also called CEO Fraud, which is when people pretend to be an authority figure within a company. It’s also an example of smishing.

What is Smishing?

Smishing is a type of phishing attack (like scam email) but these scams come to you via SMS, or text messaging. It’s called social engineering, trying to manipulate people into performing tasks or giving up personal information. If you get one of these messages, treat it the same way you would treat a scam phishing email – delete it, and report it as junk. There’s also a version of this scam called Vishing, which is the same concept except using phone calls or voice mail.

How did they get my number?

Don’t worry. These scammers didn’t access any kind of FSCJ database. They’re using the same databases that give spam callers your phone number for all those junk calls we all get. Much of this kind of personal information is acquired through malicious data breaches (like a huge one from LinkedIn this fall) or insecure apps. The only thing the scammers need to do is figure out where you work – not a tough thing to do these days via the web or social media.

So now what?

What can you do about it? Don’t answer the text! Think before you respond. Would this person really be texting you for help? And don’t answer any related calls. If you’re not sure whether it’s real or not, call or email the sender through their official FSCJ phone/email, not the number the text came from. If you think it’s a scam, delete the message and report it as spam.

FSCJ is not able to stop attackers or scammers from sending unsolicited text messages to your personal phone number. However, your phone service provider may be able to help. If you are an AT&T, T-Mobile, Verizon, or Sprint subscriber, you can report text spam to your carrier by forwarding the text free of charge to 7726 (“SPAM”).

If you want to find out if your personal information has been compromised, here are a few legitimate cybersecurity organizations that check publicly available lists for compromised accounts.

·       https://haveibeenpwned.com

·       https://cybernews.com/personal-data-leak-check/

If your email address has been compromised, you should change your password for that email account if you haven’t recently done so, as well as any accounts that use the same password.

If your phone number has been compromised, you should be especially careful when reading unsolicited text messages. If you are receiving lots of spam, you may want to consider changing phone numbers.