It doesn’t take much to be a smishing victim when just a text message does the trick. A member of the email phishing and voice (vishing) family of criminal scams, replying to a smishing text can be all that’s needed to begin a successful scam. Knowing how smishing works and the tell-tale signs of these scams can help keep you from being the next smishing victim.
Relying on similar tactics as email phishing, the con artists behind smishing attacks fake their identity to appear legitimate and get your PII. They’ll impersonate anyone, including financial institutions, school or employer, package delivery services, insurance carriers, or even someone you know. Using pressure, fear, curiosity, trust, winning a contest, and other tactics increase their chances of reeling you in. But what do you do when a text has only one word?
Trending Smishing Schemes
Currently trending are one-word texts from scammers. Texting “Hi” or “Help” is designed so you think it’s coming from a family member or friend. The inclination is to respond, but doing so tells the smisher you’re an active recipient and a promising victim.
On dating websites, responding to a “Hello’’ text could be the start of something wonderful, or a smisher waiting to pull you in. Once contact is established, they will groom you to trust them and then ask for money or maybe they have a great investment they want to share. Don’t give up any PII, delete the text, and block their phone number.
A text from your bank telling you there’s a problem with your account is another trending smish. A message saying your account is being closed, and to keep it open you need to confirm information like your Social Security number, account PIN and other valuable PII. The more PII you provide, the more opportunities for additional crimes.
Bogus package delivery texts are another trend. The smisher uses several tactics to get your PII, including being from a well-known delivery company. The message can say your details are needed for a package delivery. They might tell you a small fee is needed for shipping, and your payment details are required. None of these scenarios are good or real, so promptly delete the text.
How to Avoid Smishing Attacks
- Remember, never respond to texts from strange sources. Should the text claim to be from someone you know, your financial institution, or whomever, verify the sender is legitimate.
- Never provide personal information, including passwords, addresses, credit card numbers, and email addresses.
- Contact financial institutions and other accounts directly. Look up the information yourself, and never use contact information in the text since it likely leads to the scammer.
- Don’t click on attached files or follow links. They could go to sites that infect your device with malware, including spyware and ransomware.
- Use MFA (multi-factor authentication) whenever available for all your accounts. The added layers of protection keep the wrong people from accessing them.