Are you vulnerable to smishing attacks? You are if you have a smartphone and use texting. Smishing is like phishing, but instead of using email, perpetrators send you a text message, SMS, in an attempt to gather your personal or financial information or use your phone for malicious attacks on others.
In smishing, scammers use text messages to send links to websites that download malware on your phone or email addresses that prompt you to fall into a social engineering scam, or just to elicit a response in order to gain your trust and your money.
In one example, you get a phony text messages that look like alerts from a bank where you may or may not have an account. The message appears to be about your password or account status, but if you follow the link, the page asks you to verify your information by entering account data or personal information.
These scam texts use a variety of messages and techniques, but the desired outcome is the same. If you call a number or go to a website, scammers will use the opportunity to obtain your banking information. For example, the website may prompt you enter your ATM card number and PIN under the guise of “reactivating your ATM card.” Other times, the link may download malicious software that gives scammers access to anything on the phone.
If you receive one of these scam messages, take the time to verify before clicking anything. The first step is to ignore instructions to text “STOP” or “NO” to prevent future texts. This is a common ploy by scammers to confirm they have a real, active phone number. If you think your text message is real, be sure it’s directing to a web address like “yourbank.com” not “yourbank.otherwebsite.com.” Keep in mind, if you have not previously signed up for text alerts, one out of the blue should raise a red flag.
Call the bank or check out their website. If they have been targeted by a scam, they may have further information about it. This often includes an email address where you can send a screen shot or details about your scam text to help identify and stop the scammers.
Of course, criminals get creative, so you can count on different smishing tactics to arise. Be suspicious of links sent in texts by people you do know. Your friend’s phone could have been compromised or stolen. A hacker could be spoofing, or pretending, to be someone you know. If someone asks for your personal or financial information or an account login or password by text, don’t respond. You should never give this information to anyone over a text message.
For more about scams, go to BBB.org/ScamTips. Read more about phishing scams at BBB.org/PhishingScam. If you’ve been the victim of a scam, help others avoid falling victim by reporting what happened on the BBB Scam Tracker.