What Is Smishing?
Don’t let the funny name confuse you. Smishing is a major scam.
While a text may seem perfectly normal, it could be from someone with malicious intent—someone who wants to steal your identity, your bank account number, or other sensitive information. A recent report by the cybersecurity company Proofpoint found that 84 percent of organizations surveyed faced texting attacks. But companies aren’t the only ones being targeted. Scammers are sending scam texts to individuals, as well. This practice is called smishing. Here’s what you need to know about it—and how to protect yourself.
What is a smishing attack?
Smishing attack sounds a little scarier than it actually is. It isn’t really an attack—it’s more of a finesse. The scammer is basically trying to trick the targeted person on the other end of a text message.
Smishing definition
Smishing is a type of phishing attack that uses social engineering to get personal information about someone using text messaging. In case you were wondering, here’s how smishing and phishing are different from vishing.
What it is
Basically, these fake texts are an attempt to get your personal information by pretending they come from sources you know and trust, like your boss, the IRS, or a bank. According to Ryan Prejean, help desk lead at Guardian Computer, an IT support and service company based in New Orleans, these texts often include messages like:
-
They’ve noticed suspicious activity or log-in attempts
-
There is a problem with your account or payment information
-
You must confirm personal information
-
You need to click on a link to make a payment
-
You’re being given a coupon
-
Your child is hurt and personal information needs to be sent for their treatment
-
You’ve been overcharged for something and you’re being offered a refund
-
You’ve won a prize and you need to claim it
All of this is an attempt to get you to give them personal information like your social security number, bank information, or credit card details. A good smishing attack can be used to steal your identity in order to drain your bank account, charge up your credit cards, or take out loans in your name.
Why it’s on the rise
There are many reasons why smishing is on the rise. One major reason is that it’s an easy scam to execute. All the scammer needs is a few phone numbers and a tricky way to get people to reply to a text so that they can get information.
Plus, people love text messages. Around 95 percent of text messages are opened and responded to within three minutes. Only 20 percent of emails are even opened, let alone replied to, so you can see how texting scams can be more appealing to a thief. FYI, here’s how hackers could also use virtual schooling to steal your information.
What is an example of smishing?
Spam texts usually use three steps to trick their victims. First, the company’s name isn’t in the text. Second, the text contains a shortened link (usually a bit.ly link) so that the website isn’t clearly identifiable. Third, the text is urgent to get victims to take action while they are off-guard.
Here are some example of smishing texts:
-
“You have won $5,000. The prize needs to be claimed ASAP. Please reply with your bank information so we can deposit the money into your account.”
-
“Your package has been lost. Please click here for more information: http://bit.ly/123R4m”
-
“Your IRS tax refund has been denied. Click here to file a review in 24 hours: http://bit.ly/sdfsd5”
How to protect your phone against smishing
Though preventing this scam completely isn’t possible, you can stop a lot of it by setting up spam filters on your phone. To set up the filter on your iPhone, follow these steps:
-
Go to the Settings app
-
Tap Messages
-
Find the Filter Unknown Senders option
-
Turn it on by swiping the button to the right
If you have an Android phone, follow these steps:
-
Go to the Messaging app
-
Tap the three dots icon in the upper right of the screen
-
Choose Settings
-
Tap Spam Protection
-
Turn on Enable Spam Protection by swiping the button to the right
Some Androids don’t have filtering, so if you can’t find the Spam Protection option, your phone probably doesn’t filter messages. In that case, you’ll need to install an app like Nomorobo or RoboKiller.
You may also be able to use filtering tools that are offered by your wireless carrier. Here are some provided by major wireless carriers:
-
Verizon Call Filter
-
AT&T Call Protect
-
T-Mobile Scam ID, Scam Block, Name ID
-
U.S. Cellular Call Guardian
What to do if you get a smishing text
If you get a smishing text, don’t reply. Don’t even text “stop.” Any kind of communication tells the scammer that your phone number is active—and ripe for targeting again. Your best bet is to block the number.
“Users should also report all spam texts to their wireless carrier for them to investigate,” says Prejean. “You can send any suspicious or spam messages to 7726 (which spells SPAM) if your carrier is AT&T, Sprint, T-Mobile, or Verizon.”
What should you do if you clicked a scam link?
Everyone makes mistakes. If you think you’ve already clicked a fraudulent link and/or provided compromising information, take immediate action. First, change all of the passwords that are associated with the information you gave out. Next, contact the real company you thought you were texting to let them know what happened. Also, make sure to run a malware check on your phone to ensure the link didn’t allow malicious code to be downloaded on your phone. Two good malware removal apps are Malwarebytes and Avast Antivirus.
Most importantly, if you gave out bank or credit card information, contact the bank or credit card company to report suspected fraud and cancel the card associated with the account. Next, find out more ways to stop spam texts on an iPhone or Android.
Sources:
- Proofpoint: “2020 ‘State of the Phish’: Security Awareness Training, Email Reporting More Critical as Targeted Attacks Spike”
- Ryan Prejean, help desk lead at Guardian Computer
- SMS Comparison: “The Growth Of Text Messaging for Businesses in 2020”