Our eAdventist team has helped a growing number of churches investigate scam text messages, like the one below, sent to their members – seemingly from the pastor. Their initial concern is often that their church’s eAdventist Messaging List has been compromised and is being used by an attacker.
What is “Smishing”?
Most people are aware of “phishing” – or email scams – by may not realize that scammers can also target them with deceptive text messages sent to their mobile devices. “Smishing” is a phishing attack that uses deceptive SMS text messages to trick people into downloading malware, sharing sensitive information or sending money to cybercriminals. This kind of scam can be particularly effective with groups of people that know and trust each other – like companies, sports leagues and churches.
Signs of a “Smishing” attack
The biggest “red flag” is that message comes from a number that you don’t recognize. Attackers frequently use a name that you know (e.g. your church, your pastor), but that’s the bait they use to disguise the hook.
The other big clue is that the message includes a link, phone number or request to bait you into clicking, calling or sending information. If you do, you stand a good chance of being hooked.
Has eAdventist been compromised?
In each of the cases we have investigated, neither eAdventist or the pastor had been compromised. The best way to verify this is by finding recipients who are not even listed in eAdventist or don’t have their email or mobile phone in eAdventist. This indicates that the attackers obtained the contact info from another source.
Most commonly, a member has fallen victim to another attack and the attacker has gained access to the member’s phone or computer. This allows the attacker to discover names, emails and numbers in the member’s contacts and messages. Discovering the name of the member’s church or pastor is gold for the cybercriminal, because they can exploit the “trust” factor.
Using a messaging tool – like eAdventist, MailChimp or SimpleTexting – actually protects your congregation against “Phishing” and “Smishing” attacks because the email addresses and phone numbers of other members are never included in the messages – where an attacker could discover them.
Avoid being a victim
Validate any suspicious text messages, before you respond. Call a known number or email a known address to confirm whether the text message is legitimate.
- Never click links, reply to text messages or call numbers you don’t recognize
- Don’t respond, even if the message urges you to “text STOP” to end messages
- Delete all suspicious messages
- Keep your device OS updated to the latest version
- Protect your sensitive information – bank accounts, health records, social media accounts – by using multi-factor authentication
In case of a “Smishing” attack on your church
Please contact our eAdventist team at help@eadventist.net if you suspect that your church or members are being targeted by a “Smishing” attack. We will gladly help you verify that your eAdventist data and tools are secure, and suggest ways to limit the damage to your congregation.
eAdventist team
Additional resources
- Phishing attacks: defending your organisation – National Cyber Security Center
- Avoid the Temptation of Smishing Scams – Federal Communications Commision
0 comments on “Smishing Attacks on Churches”