Cybersecurity Blog

Smishing attack thwarted by faculty member – 03/14/2023

 

It was just after 11:00 AM on a Friday when Kelly Sundberg received this text message

 

 

This was an odd request as the text was coming to Kelly’s personal phone.  However, if something was urgent, maybe it was Tim texting him.  What Kelly did next saved him from being scammed out of thousands of dollars, he contacted the Presiden’ts office and asked if it really was Tim that had texted him.

As it turns out, Tim wasn’t even in the city. The text had definitely not come from him.  It had come from a scammer whose next move would have been to convince him to purchase gift cards as rewards for hard working colleagues.

Before you say, “I would never fall for that scam”, know that more than one person on campus has. It isn’t because they are stupid or because they didn’t take their cybersecurity awareness training. They became victims because the attackers are just that good at confusing you, creating urgency and getting you to react instead of think.

Kelly did two very important things right, firstly he stopped and let his rational thought kick in before he took action.  As a result, the attackers did not have a chance to confuse or manipulate him.  Secondly, he followed the guidelines in the cybersecurity awareness training, verify before you take action.

No matter how certain you are that a text or email is coming from your boss, if an unexpected request is made, call the sender and make sure the message actually came from them. That one step saved Kelly, it could save you too.

 

Leave a Reply

Your email address will not be published. Required fields are marked *