A phishing attack via text message can seem like an innocent request for account updates or a limited time offer. But it may really be a way for cyber criminals to verify your phone number to send you more messages.
SMS fraud can take many forms – SMS toll fraud, smishing and malware distribution to name a few. All of them involve bad actors who abuse the ubiquitous nature of SMS workflows.
Fraudulent text messages
Criminals use text messages such as the Monzo text scam to try and get your personal data or money. This form of phishing has been called SMiShing and is gaining in popularity. These texts can be used to impersonate reputable companies and ask for sensitive information, such as your username or password. You should only ever open a message that you know and trust. Never click on any links included in the text. Doing so can lead to a fake website that mimics a real company and trick you into typing in personal information to be stolen by cybercriminals.
Scammers often use urgency to convince you to act. They may say, for example, that your bank found suspicious activity in your account and request your banking details to verify identity. It is always best to contact your bank directly by calling their official number rather than clicking on any links included in a message.
Another popular scam involves fraudulent texts that dangle free money or prizes. Scammers may also use information from your social media account or online footprint in order to make their message seem more convincing. For example, an email that looks as if it was sent by a friend might ask for money to get them through a financial crisis. Or, it could pretend to be a romantic interest.
Scammers may also send you a message that claims your package has been delayed. These messages may ask that you click on a hyperlink and provide additional delivery or tracking information. Your credit card number can then be stolen.
Look for poor grammar and spelling mistakes in a text, as major companies rarely use this method of communication. Scammers will use typos in order to create a more genuine-looking message. You can call the person you think sent a suspicious message to confirm it was really them and to confirm any urgent request.
Bank text messages
Scammers often spoof messages that appear to come from your bank or another company you trust. They use your trust in these brands to suggest that there is a problem with your account or you need immediate action. These texts will usually contain a phone number or link that you need to call to resolve the problem. The links could lead to a website, which appears to be authentic but is not. Scammers may ask for personal data or transfer funds into their own accounts.
Federal Trade Commission receives many reports of scams involving banks. Many of these texts claim to have detected suspicious activities in your account or to have attempted to make a large transaction using your credit or checking account. These alerts can be convincing, especially since they rely heavily on scare tactics and a feeling of urgency to convince you into acting without thought.
These text scams can also be difficult to spot, as they are often riddled with misspelled words and strange symbols, which can be hard to detect in a short message format. Additionally, the phone numbers used are often spoofed so that they are identical to your bank’s actual contact number. Check the phone number in the text message to make sure it is the one on your account statement. You can also contact customer support if you are unsure.
Text messages from a company that you know
While email phishing scams are the most common, SMS phishing (or “smishing”) attacks can be just as dangerous. Cybercriminals may use a spoof of a service or company you trust to trick you into clicking a link or revealing information.
Smishing attacks always evolve, but some characteristics are common in most scam messages. There is a sense that the message is urgent, there are typos or other errors, and it asks for personal information or account details. Smishing attempts often claim to be a trusted company or government agency such as the IRS or FBI.
The most common smishing is a message claiming you won a contest or giveaway that you never entered. The message usually includes a reply or link option, and asks for your name, address or credit card number to collect your prize. If you click on the link, your device will be infected with malware or taken to a spoofed website that collects your personal information for criminal purposes.
Another common smishing tactic is to send a message with a sense of urgency, claiming your account has been compromised or that you will be charged a fee if you don’t respond immediately. Scammers also commonly use fake helplines to make the message appear more legitimate. Text messages are not used by legitimate banks or services to request account updates, login information, or other urgent information. Instead, you can check your account directly or call the company’s helpline.
While the premise of these scams is simple, they can be very effective. These scams can lead to financial or identitiy theft. Vigilance is the best way to protect yourself from these scams.
Text message scams most commonly involve claiming to have a package, account or other service with a business and then asking for personal details to confirm or update them. Scammers may ask you to click on a link leading to an unexpected URL or site, which could lead to malware being installed on your device. Cybercriminals can access your account information, credit card numbers and other sensitive data by responding to these messages.
You should not click on the link in a text message claiming to be from an official government or company website. Instead, call the number provided. This will help you validate that the contact is legitimate, which can thwart many smishing attacks.
Another type of unsolicited SMS is the family crisis scam, which asks for money to be sent to a member of your family who is in distress. These kinds of messages can be particularly deceptive because they invoke your empathy for a loved one in need, which may make you want to send money to help them out. If you believe a friend or family member is in trouble, reach out to them to see if everything is okay.
Scammers can also fake the names and numbers of well-known organizations and companies, such as Amazon and Facebook, in order to trick you into thinking that you own a product or an account with them. These kinds of scams can be very effective, especially if you have an online shopping or social media account with these companies. If you do not have any of these accounts, consider creating them to protect your information and finances.