Scam of the Week: Fishy Smishing

We’ve all heard about phishing scams – those deceptive emails that try to lure us into clicking malicious links or revealing personal information. But what about smishing? This lesser-known cousin of phishing uses SMS (text messages) to target unsuspecting victims, and it’s on the rise.

In this blog post, we’ll take a deep dive into smishing scams, how they work, and what you can do to protect yourself.

What is Smishing?

Smishing combines “SMS” (Short Message Service) with “phishing” to create a term for phishing attacks delivered via text messages. Scammers use these texts to create a sense of urgency, fear, or excitement, manipulating you into taking an action that benefits them. This action could involve:

  • Clicking on a malicious link that downloads malware onto your phone.
  • Replying with sensitive information like your bank account number or password.
  • Calling a fake customer service number where a scammer tries to steal your personal details.

How Do Smishing Scams Work?

Smishing scams rely on social engineering tactics to exploit human psychology. Here’s a breakdown of their common methods:

  • Impersonation: Scammers often disguise their phone numbers to appear like they’re from a trusted source, such as your bank, credit card company, delivery service, or even a government agency.
  • Urgency: The message will often create a sense of urgency, pressuring you to act immediately before you have time to think critically. Examples include claiming suspicious activity on your account, an impending service disruption, or a limited time offer.
  • Fear: The message might exploit your fear of missing out or negative consequences. For example, it could warn about a package delivery issue or a potential account breach.
  • Greed: Some smishing scams lure you in with promises of unexpected rewards, like winning a contest or receiving a large refund.

Examples of Smishing Scams:

  • The Fake Delivery Notification: You receive a text claiming your package delivery is delayed or requires additional information. The text includes a link to a fake tracking website that steals your login credentials.
  • The Urgent Bank Alert: A text appears to be from your bank, warning of suspicious activity on your account and prompting you to call a fake customer service number to “verify” your details.
  • The Prize Winner Scam: You receive a text congratulating you on winning a contest or sweepstakes. Clicking the provided link takes you to a fake website that asks for personal information in exchange for your “prize.”

How to Protect Yourself from Smishing Scams:

Staying vigilant is key to avoiding smishing scams. Here are some essential tips:

  • Be Wary of Unfamiliar Numbers: Don’t trust phone numbers you don’t recognize. Legitimate companies will typically contact you through channels you’ve opted-in for, like your bank’s secure messaging system.
  • Don’t Click on Links or Attachments: If a text message contains a link or attachment, especially from an unknown number, avoid clicking on it. These links could lead to phishing websites or download malware.
  • Verify Information Directly: If a text claims to be from your bank, credit card company, or another institution, contact them directly through a phone number or website you know is genuine. Don’t use the information provided in the text message.
  • Never Share Personal Information: Legitimate companies will never ask for sensitive information like passwords or account numbers through text messages.
  • Report Suspicious Texts: If you receive a suspicious text message, forward it to your mobile carrier’s spam reporting number (often 7726). You can also report it to the Federal Trade Commission (FTC) at https://reportfraud.ftc.gov/.

Empowering Yourself Against Smishing:

Smishing scams can be sophisticated, but by being aware of the tactics scammers use and following these safety measures, you can significantly reduce your risk of falling victim. Remember, staying informed and exercising caution are your best defenses against smishing scams.

For additional resources and information on smishing, you can visit the websites of these trusted sources:

Back