How do you communicate with your nearest and dearest when you’re on the go and can’t make a phone call? Do you send a VoiceNote? Use WhatsApp? Alternatively, do you send a simple text message?
In a world where apps can almost run our lives for us, the humble SMS has outlived them all – and it’s still going strong. Unfortunately, though, texting has come under attack as one of the most vulnerable mediums for identity theft and more.
Here’s what you need to know about an SMS-based scam called “smishing.”
How it works
Smishing scams are similar to email phishing scams in which scammers target victims by sending an email that appears to be from their bank or credit union, internet service provider or one of their favorite businesses. Smishing scams use text messages instead of emails, but their goal is the same as phishing scams’: to establish contact with the victim and access their personal information.
The scam begins with a supposedly important text appearing to be from the victim’s financial institution of choice. Sometimes, it’s from a bank or credit union with whom they have never done business!
The text claims the victim’s checking account is locked and that the victim must take immediate action to restore it. Alternatively, the text may alert the victim about a giant, unauthorized purchase that charged to their account. The scammer warns that, if you don't contest the charge immediately, the victim will be responsible for the transaction. Scammers will always convey a sense of urgency to induce panic and trigger immediate and mindless obedience.
The victim is then instructed to call a specified number and, upon doing so, will be asked to share personal financial information. Once they’ve got their hands on this info, the scammer is free to steal the victim’s identity, empty their accounts or go on a shopping spree on the victim’s dime.
Who are the victims?
Smishing scams primarily target people who use mobile banking apps and sites. Victims who use their phones to manage their accounts don’t question when their financial institution appears to contact them by text message and, unfortunately, these smishing scams are often successful.
It isn’t just online banking users who need to be wary of smishing. Fraudsters have widened their net and have recently started sending messages to any cell phone number they can get their hands on.
If you own a checking account and a cellphone, you are vulnerable to a potential smishing scam.
Recognizing smishing scams
If you know what to look for, you’ll be able to spot a smishing scam at first glance.
First of all, your credit union will not use a text message to alert you of possible fraud or lockdown on your account; we prefer to use more personable contact methods to help ensure your privacy and personal security.
Also, the phone number the smishing text instructs you to call is not ours. We serve our members from our premises, and our number is [801-627-8700]. If you’re told to contact us at a different line, it’s not us you’re calling!
You can also spot the smishing scam just by looking at the phone number. The text will often appear to come from a number that is fake. Alternatively, it can seem to have come from one of your contacts who are kindly letting you know about the trouble with your account. In such cases, ask your friend (directly, not in response to the message) if they sent it. If they have no idea what you’re talking about, someone is using their number to lure you into a scam.
If you’ve been targeted
If you receive a suspicious-looking text that might be a smishing scam, do not engage the texter! Jot down the scammer’s number and delete the message. Let us know about the smishing attempt and tell all your friends. You can also alert the FTC at ftc.gov so they can help catch those crooks.
If you’ve fallen for such a scam and you have compromised your accounts, alert your credit card companies and be sure to let us know as well. We’ll help you mitigate the damage and regain control of your finances.
You can’t insulate your phone against these scams, but there are some proactive steps you can take to protect yourself, your device and your money.
- Always use two-factor authentication. Most credit unions require a two-factor sign-in, but if you have the choice of opting out of this extra step, don’t take it! It’s not worth the added risk.
- Strengthen your passwords. Never double your password use across different accounts, websites and apps. Make sure your passwords are strong and unique. Consider using a password manager.
- Don’t respond. Ignore text messages from unknown numbers, even if they’re not alerting you about a problem with your accounts. A text from an anonymous source may be the scammer’s first attempt at establishing contact and determining if you’re a willing target for a future scam.
Make sure you are always on the alert for smishing scams. Don’t let those crooks get their hands on your money!