Image of hands sending an SMS
Image of hands sending an SMS. Author: Wikimedia Commons. 2016.

Thanks to their over 90% opening rates, SMS are used in many areas within an organization or company, from event invitations or event registrations to promotional messages. For this reason, we offer 5 tips on cybersecurity to make sure that your SMS messages are not confused with those sent by cybercriminals, as well as protecting the recipients themselves.

1. Sensitive data is never requested or sent. Organizations or companies must inform customers and collaborators that sensitive data will never be requested by phone, email or even SMS. For example, if someone requests passwords, bank account numbers, or the like, the recipients of the message must be able to immediately recognize an attempted fraud. For the same reason, users should never give this data through these channels.

2. Advance notice is required. If the company or organization notifies customers and collaborators in advance about which media to use, it will avoid arousing suspicion in the event that an unexpected channel is used. This notification is usually made through a channel other than the SMS itself.

3. Secure link in the message. It is advisable to inform recipients that they should be wary when there is an insecure link in the content of the SMS. Users should only rely on addresses preceded by "https:" and not "http:", as only in the first case is there any certainty that the communication is encrypted to ensure data security.

4. Alphanumeric senders. A highly recommended practice is for the name of the sending company or organization to appear in the SMS. This way, the recipient of the SMS can read the sender's name instead of seeing the mobile phone number from which the shipment came out. This helps to easily identify who is communicating with them even before opening the message.

5. References known to the user. It is essential that the content of the message is clear and free of spelling errors. In addition, it must incorporate elements that make the user attribute it to a known activity.