A smishing attack(a phishing attack through SMS, or “text” messaging) was recently used by a ring of cybercriminals to steal credit card information. The cybercriminals used this stolen bank information to purchase cryptocurrency (BITCOIN) that they then exchanged for cash. Cybercriminals sent SMS messages pretending to be a bank. The message says that a security issue needs to be resolved and will prompt you to click a link to your bank’s login page. This page looks legitimate, maybe just like your bank, but it’s actually a spoofed page that records your keystrokes. If you enter your bank login information, cybercriminals will use this information to hack into your bank account. 

Smishing isn’t always used for stealing bank information. It can be used to fool you into logging in with your UT credentials, spoofing the CAS (Central Authentication Service) login page that you use to access a number of UT resources. If you do not either see the 2FA login page or get a prompt on your phone from your Duo app, take a minute to examine the URL of the site and question whether you are on a legitimate UT site or are being scammed.

Follow the tips below to stay safe from similar scams:

• Think before you open a link. Cyberattacks are designed to catch you off guard and trigger you to open links impulsively. 
• Never enter your bank login information from a link in a text message. Instead, navigate to your bank’s official website to log in.
• Remember that this type of attack isn’t exclusive to banks. Cybercriminals could use this technique to impersonate any organization.

Learn more about how UT protects your login information:

Authentication and Authorization Protocols

Two-Factor Authentication