Smishing Scams – What to Look Out For

August 11, 2023

Text messaging has come under attack as one of the most vulnerable media for identity theft and more. Here’s what you need to know about an SMS message-based scam called “smishing” (SMS + phishing).

How It Works

Smishing scams use text messages to establish contact with the intended victim to later access their personal information. The text messages warn that immediate action must be taken. There are several versions of this scam currently circulating:

• The scammers might pretend to be from your financial institution. The text may claim that the victim’s checking account is locked, or that there has been an unauthorized purchase charged to the victim’s account. The scammer will warn that immediate action must be taken. The victim is then instructed to call a specified number and, upon doing so, will be asked to share their financial information or login credentials. Once they’ve got their hands on this info, the scammer is free to steal the victim’s identity, empty their accounts, or go on a shopping spree on the victim’s dime.
• Have you gotten a verification code from one of your accounts, but you haven't tried to login recently? Someone is probably trying to access your account. Don't click on any links, and don't share the code with anyone who asks for it. If you are also asked for login information or payment information, don't share it.
• Some smishing scams pretend to be the United States Postal Service, alerting you that your package won't be delivered unless you click on the attached link. Don't click! It's a scam! The link might install malware on your device, or it may prompt you to login to their fake website so that they can steal your personal information.
• Other scammers pretend to represent your streaming services, like Netflix or Hulu. They tell you that your service has been interrupted, and that you must login to your account or update your payment method right away. Not only is this a scam, but your actual streaming services will never text you for that information. Don't click on any links or send any information.

Who Are the Victims?

Smishing scams primarily target people who do their banking, shopping, and socializing online, but fraudsters will use any cellphone number they can find. If you own a cellphone, you are a candidate for a smishing scam.

Recognizing Smishing Scams

Your financial institutions, streaming sites, shipping services, and shopping sites will not alert you of a possible fraud or account lockdown via text. If you have any questions about who is contacting you, you can always visit the legitimate website to get contact information for the business.

If You’ve Been Targeted

If you receive a suspicious-looking text, do not engage the texter! Jot down the scammer’s number or take a screenshot, and then delete the message. Let the business know about the smishing attempt and alert the FTC.

If you’ve fallen for the scam and your financial accounts have been compromised, alert your credit card companies and be sure to let us know, too.

Protecting Yourself

1. Always use two-factor authentication for banking app and sites.
2. Use strong and different passwords across your accounts and apps.
3. Ignore all text messages from unknown numbers.

Don’t let those crooks get their hands on your money!