The night before I was to give a eulogy at my mother’s memorial service, I was smished.
As someone who regularly writes about cybersecurity, I’m not usually duped by a cybercriminal’s tricks. But I was in a highly emotional state and not thinking clearly when the text arrived, appearing to be from my bank. “Someone has attempted to log in to your account,” the message warned, and provided a link for me to click and verify my identity.
I clicked the link.Criminals know you’re not paying the same kind of attention to security that you would on a desktop or laptop. They know they may be catching you at a moment when you’re distracted or in a rush.
A legit-looking, mobile-optimized web page appeared, asking me to enter my debit card’s PIN as a form of verification. Still not thinking clearly, I entered my PIN. When I didn’t receive an SMS in return, informing me that my identity had been verified, I finally realized I’d been scammed.
In the subsequent heart-pounding minutes, I called my bank and changed my PIN, user ID and passcode. Fortunately, after months of close monitoring, I’ve not found anything amiss in my accounts — though I received three follow-up smishing messages, which I ignored.