You may not realize it, but you’ve probably been a target of an attempted Smishing (SMS/Text) Scam. Ever received an alarming text that appears to be from your financial institution or credit card provider alerting you of a change in your account with a request to act urgently? While text alerts about recent transactions or a confirmation that a transfer has been performed are typical, not all alerts are legitimate.
In this day and age when apps can almost run our lives for us, the humble SMS, or text, has outlived them all – and it’s still going strong. Unfortunately, though, texting has come under attack as one of the most vulnerable mediums for financial and identity theft or more.
Here’s what you need to know about an SMS-based scam called “smishing.”
How it works
Smishing scams are similar to email phishing scams in which scammers target victims by sending an email that appears to be from their bank or credit union, internet service provider or one of their favorite businesses. Smishing scams use text messages instead of emails, but their goal is the same as phishing scams’: to establish contact with the victim and access their personal information.
The scam begins with a supposedly urgent text appearing to be from the victim’s financial institution of choice. Sometimes, it’s from a bank or credit union with whom they have never done business.
The text claims the victim’s checking account or debit card is locked and that the victim must take immediate action to restore it. Alternatively, the text may alert the victim about a large, unauthorized purchase that was charged to their account. The scammer warns that, if the charge is not contested immediately, the victim will be responsible for the transaction. There are more variations, but they will always convey a sense of urgency to induce panic and trigger an immediate response.
The victim is then instructed to click a link or call a specified number and, upon doing so, will be asked to share personal or financial information. Once they’ve got their hands on this info, the scammer is free to steal the victim’s identity, empty their accounts or go on a shopping spree on the victim’s dime.
Who are the victims?
Smishing scams target anyone with a cell phone. Those who typically conduct most of their banking business using their phones may not immediately question when their financial institution appears to contact them by text message and, unfortunately, these smishing scams are often successful.
It isn’t just mobile banking users who need to be wary of smishing. Fraudsters have widened their net and send messages to any cellphone number they can get their hands on.
If you own a checking account and a cellphone and don’t take steps to protect yourself, you are vulnerable to a potential smishing scam.
Recognizing smishing scams
If you know what to look for, you’ll be able to spot a smishing scam at first glance.
First of all, your credit union will not use a text message to alert you of a possible lockdown on your account; we prefer to use more personable contact methods to help ensure your privacy and personal security.
Also, the phone number the smishing text instructs you to call will not be ours. We service our members from our own premises, and our number is 404-978-0080 or 912-352-2902. If you’re told to contact us at a different line, it’s not us you’re calling!
You can also spot the smishing scam just by looking at the phone number. The text will often appear to come from a number that is obviously fake. Alternatively, it can appear to have come from one of your contacts who is kindly letting you know about the trouble with your account. In such cases, ask your friend (directly, not in response to the message) if they actually sent it. If they have no idea what you’re talking about, their number has been ‘spoofed’ and someone is using their number to lure you into a scam.
If you’ve been targeted
If you receive a suspicious-looking text that might be a smishing scam, do not engage the texter! Jot down the scammer’s number and delete the message. Most wireless providers offer spam detection services for free or a nominal fee each month. Report the suspicious number as spam so these fraudsters have less of a chance to scam you and others! You can also alert the FTC at ftc.gov so they can help catch the crooks.
If you’ve fallen for such a scam and your accounts have been compromised, alert your credit card companies and be sure to let us know as well. We’ll help you mitigate the damage and regain control of your finances.
Protecting yourself
It’s difficult to completely block your phone from these scams, but there are some proactive steps you can take to protect yourself, your device and your money.
- Always use two-factor authentication. If you have the choice of opting out of this extra step, don’t take it! It’s not worth the added risk.
- Strengthen your passwords. Never double your password use across different accounts, websites and apps. Make sure your passwords are strong and unique. Consider using a password manager like Google Password Manager, LastPass, Dashlane or 1Password.
- Don’t respond. Ignore text messages from unknown numbers, even if they’re not alerting you about a problem with your accounts. A text from an unknown source may be the scammer’s first attempt at establishing contact and determining if you’re a willing target for a future scam.
- Set up e-alerts and notifications using the mobile app or by logging into mobile banking.
Make sure you are always on the alert for smishing scams. Don’t let those crooks get their hands on your money! If you receive a text like those mentioned above, just give us a call or investigate the problem yourself by logging into online or mobile banking to make sure everything looks ok.