Protect your business from smishing and phishing attacks

You may think you are most vulnerable to digital bad actors on your personal devices and accounts, but businesses and their employees are frequent targets, too. Attacks can take the form of social engineering, hacking, denial of service attacks, supply chain attacks and even insider threats.

Lately there has been a rash of smishing and phishing messages with attachments presented as an invoice. Smishing is a scam perpetrated using SMS (text) messaging and phishing uses email. Bad actors send these messages hoping you will open the attachment or click on a link which in turn could download malware to your device.

If you receive a message from someone claiming to have an invoice for you to pay, ask yourself these questions:

1. Do I normally receive messages from this individual or company?
2. Am I expecting an invoice from the person or business?
3. Does this seem out of the ordinary?

If you answer “no” to the first two questions and “yes” to the third, it’s probably a smishing or phishing attempt. Don’t open the attachment or click the link. Instead, delete the email and follow your company’s Cybersecurity procedures.

Back to financial education resources