Smishing: The Sneaky Text Message Scam
This month we’ve been focusing on keeping you safe. The cyberworld has become a money-making playground for criminals and scammers. We don’t want you to be a victim.
In 2023, victims lost $12.5 billion via smishing scams, according to the FBI’s Internet Crime Complaint Center. The best way we can help you stay safe is to help you stay informed. Today, we’re going to focus on Smishing.
What is Smishing?
Smishing is a type of phishing attack that uses text messages (SMS) to deceive people into revealing personal information. Cybercriminals often pose as legitimate businesses, banks, or government agencies to lure victims into clicking on malicious links or providing sensitive data.
How Does Smishing Work?
Smishing attacks typically follow these steps:
Targeting: Cybercriminals identify potential victims through various methods, such as purchasing contact lists or using data breaches.
Creating & delivering compelling text messages that require action: Criminals craft convincing text messages that mimic real organizations, often creating a sense of urgency or fear, and send the malicious text message is sent to the target’s phone. Then they use phishing to get users to click on a link link or reply to the message who are then directed to a fraudulent website designed to steal their personal information.
Common Smishing Tactics
Impersonating Banks and Financial Institutions: Scammers often claim to be from your bank, notifying you of suspicious activity or requesting account verification.
Delivery Notifications: Fake shipping notifications with tracking links that lead to malicious websites.
Government Imposters: Pretending to be from government agencies, such as the IRS, to demand immediate payment of taxes.
Lottery Winnings: Promising large cash prizes in exchange for personal information.
How to Protect Yourself from Smishing:
Be Wary of Unexpected Texts: If you receive a text message from an unknown number or unexpected sender, be cautious.
Verify Information: Never click on links or provide personal information without independently verifying the source.
Use 2FA: Add an extra layer of security to your accounts by using 2FA (Two-factor authentication).
Report Smishing: Forward suspicious text messages to your carrier’s designated spam number or report the smishing attempt to the FTC at ReportFraud.ftc.gov. If you think that you are a victim of smishing, you should contact law enforcement to report the scam. You can also file a complaint with the FCC at no cost. Read the FCC Complaint Center FAQ to learn more about the FCC’s informal complaint process, including how to file a complaint, and what happens after a complaint is filed.
Always Remember: Legitimate businesses will never ask for sensitive information through text messages. If you suspect a smishing attempt, delete the message immediately and avoid clicking on any links. The best way to stay safe is to stay informed and always be cautious. by following these tips, you can reduce your risk of becoming a victim of smashing and other cybercrimes. We’re committed to keeping you safe!
Many unsolicited text messages suggest replying “Stop” to prevent future messages. The “Stop” reply seems to generate an instant automated confirmation that no future messages will be sent. Is is safe to use a Stop reply?
The best way to prevent being a victim of smishing is not to click on links in text messages you’re not expecting or not sure of. If it appears to be from your bank, credit card company, or even a a government entity, you’re best bet is to visit the entities website or call them using the real phone number. Blocking a smisher’s phone number or sending a stop reply will probably not stop them from sending you future messages since they’re probably forging or spoofing the phone number they’re texting your from.