TECH EXCHANGE | A ZDNet Multiplexer Blog What's this?

Beware of texts with links

Can you tell the difference between the real and the spoofed?

You may have noticed that many retailers are keen to sign you up to their member's/ rewards programs and that involves taking your name, email address and mobile number. Particularly intrusive retailers want your birth date too...gee..how about my Tax File Number while we are at it?

So if you have given your actual mobile number, you often then get texts about the latest sales or offers- and you may want this. These kinds of texts, while for some might be annoying, they are generally inoffensive.

However, there are also the texts that are have links and just like phishing emails...we also having phishing texts with malicious links. Better still, these texts can often appear to come from retailers or service providers you do deal with.

So how do you tell the real text with the real link from the spoofed text with the malicious link? Mobile malware is a big deal and unpicking malicious software from your device can be tedious and cause you real problems. You also don't know what it has been doing with the valuable information on your handset like your emails, contact lists, online passwords or messages.

Sometimes spotting the real text and fake one is easy- if it comes from a provider you have never heard of and has a link to a 'survey' offering a free tablet etc, an offer that is too good to be true - then it usually is.

However, some retailers routinely send texts with links to their customers. It may be convenient but it isn't building cyber awareness in their consumer base.

So, my advice is simple- don't click on links in any texts from any providers unless you are expecting a text from them and it has a unique identifier that only you and that provider would know (like a customer reference number).

All organisations, including my own employer, Telstra, have an obligation to build cyber awareness in customers. This means we need to build in a healthy degree of cyber suspiciousness (cyber stranger danger to bring it back to a real world analogy). We cannot educate our customers to accept that all texts that purport to come from Telstra actually are from Telstra. It is easy to 'spoof' a sender so it looks like Telstra but in reality it might originate from a far flung country.

Financial institutions in Australia get this right. If my bank texts me, they ask me to contact them on their advertised number and also advise me about the issue in the text. There is never a link to click.

So next time you get a text wanting you to take click on that survey/ order/ account information link- the same advice goes- think before you click and if in doubt, call them on their advertised number or go to their official website.

Cyber stranger danger starts with all of us.

For more security go to Telstra Exchange.