Phishing scammers are not simply targeting victims by email. They are also sending text messages asking for personal information so they can steal your identity and apply for new credit in your name. This scam, called smishing, or SMS phishing, is any type of phishing activity carried out through text messages.
According to Symantec, users tend to trust text messages more than emails. In turn, these users are less cautious with clicking on text message links.
How do smishing scams work?
Smishers send text messages instructing the receiver to confirm account information by completing one of these tasks:
- Call a phone number: An automated system will usually take the phone call. The system will ask you to enter your personal information, such as a bank’s debit card number and PIN.
- Click on a link: The text directs the receiver to a portal cloaked as a legitimate institution. The scam portal will then ask the user to confirm the account information by entering personal data. Alternatively, the portal can start installing keylogging software that records your keystrokes, including your account login information to financial websites.
What are some examples of smishing scam messages? (From USA Today)
- Dear customer, Bank of America needs you to verify your PIN number immediately to confirm you are the proper account holder. Some accounts have been breached. We urgently ask you to protect yourself by confirming your info here.
- IRS Notice: Tax Return File Overdue! Click here to enter your information to prevent being prosecuted.
- Your entry last month has WON. Congratulations! Go to [URL] and enter your winning code – 1122 – to claim your $1,000 Best Buy gift card!
How can you protect yourself from smishing scams?
- If you get a text asking to confirm information, it is not coming from a legitimate organization. Government agencies and banks will not ask for personal and financial information by text message.
- Do not reply to text messages from numbers you do not know, not even tell them to stop contacting you. Block the number if the function is available on your phone plan.
- Do not open links from numbers you do not know, especially if it comes from a 5000 number. There is no filtering program available to block malicious texts from reaching your phone. Delete the message instead.
- Do not call the number listed in the text message. Go directly to the institution’s website and use their posted phone number instead.
- Report a spam text message to your phone carrier by forwarding messages to 7726 (SPAM). Your phone carrier will investigate the issue.
- Install anti-virus/anti-malware protection on your device.
- Examine your phone bill for any unusual charges.
- Add your phone number to the Do Not Call Registry.
- Do not post your phone number on social media.
- Update your smartphone’s operating system to its latest version.
- If you gave out your confidential information by text already, contact these credit card reporting agencies and they will determine if they need to place a fraud alert on your file:
- If you are a victim of a smishing scam, file a complaint with the Federal Trade Commission (FTC). Email your information to firstname.lastname@example.org.
If you have any questions regarding the security of your smartphone, you can reach out to SwiftTech Solutions at 877-794-3811 or email@example.com.
Security Through Education. SMiShing. Retrieved from: https://www.social-engineer.org/framework/attack-vectors/smishing/
RSA Security Inc. Phishing, Vishing and Smishing: Old Threats Present New Risks. Retrieved from: https://www.emc.com/collateral/white-papers/h11933-wp-phishing-vishing-smishing.pdf
Swanson, L. Beware of Text Message Phishing — or “Smishing” — Scams. Retrieved from: https://www.ag.state.mn.us/Brochures/pubtextmessagephishingorsmishingscams.pdf
Segarra, L.M. ‘Smishing’ Is Internet Scammers’ New Favorite Trick. Here’s How to Avoid It. (2017, July 7). Retrieved from: http://fortune.com/2017/07/07/smishing-scam/
Federal Trade Commission. Text Message Spam. Retrieved from: https://www.consumer.ftc.gov/articles/0350-text-message-spam
CNBC. ‘Smishing’ scams target your text messages. Here’s how to avoid… (2017, July 5). Retrieved from: http://www.cnbc.com/video/2017/07/05/smishing-scams-target-your-text-messages-heres-how-to-avoid-them.html?play=1
Norton. What is Smishing? Retrieved from: https://us.norton.com/internetsecurity-emerging-threats-what-is-smishing.html
Philadelphia Federal Credit Union. Smishing. Retrieved from: https://www.pfcu.com/financial-education/security-resource-center/smishing