It seems like every time you turn around these days some jack-wagon has come up with a new way to try and part you from your money or steal your identity. Scammers are constantly posting rogue apps on Facebook, putting malware links in Tweets, and sending you phishing e-mails. Is no digital domain sacred anymore? The answer is no, and now they've moved on to text-based phishing on your cell phone.
Smishing is basically phishing scams that are sent over Short Message Service (SMS) text messages.
"Surely I would never fall for that" you say. Apparently someone is falling for it, as they wouldn't be doing it if it didn't work some of the time.
Most phishing scams play on your fear of things such as:
- Fear of someone stealing your money
- Fear of being accused of a crime that you did not commit
- Fear of someone doing harm to you or your family
- Fear of something embarrassing being revealed about you (whether it is true or not)
We are all human. When we are confronted by fear, we may throw logic and reason out the window and might end up falling for a scam even though we thought we were "too smart" to be fooled by such a thing. A lot of phishing attacks which end up being successful likely go unreported because the victims don't want people to think they were gullible enough to get conned.
Phishers refine their scams over time learning which ones work, and which don't. Given the short nature of SMS messages, phishers have a very limited canvas on which to work so they have to be extra creative in a smishing attack
Here are a few tips to help you tell spot SMiShing scam texts
- Review your bank's and credit card company's policy on sending text messages
- Beware of messages that have a number that says it is from "5000"
- Ask yourself if the suspicious text preys on the fears mentioned above
- Never reply to a suspicious text without doing research and verifying the source.
Many banks don't send text messages because they don't want people to fall for smishing attacks. If they do send texts find out what number they use to generate them so you will know if they are legitimate. The scammers may use spoofed alias numbers that look like they are from your bank, so you should still be skeptical and not reply directly. Contact your bank at their regular customer service number to see if the text was legit or not.
Email-to-Text services often list 5000 or some other number that is not a cell number as where they originated from. Scammers are likely to mask their identity by using Email-to-Text services so that their actual phone number is not revealed.
If the message content fits into one of the fear categories above, be extra skeptical. If it is threatening in any way to your or your family members, report it to the local authorities and also to the Internet Crime Complaint Center (IC3) .
If it is really your bank texting you, then they should know exactly what you are talking about when you call them using the phone number on your latest statement. If they say there are no issues with your account, then the text was obviously bogus.
Can anything be done to prevent smishing texts from reaching you? Here are some steps you can take to keep the smishers at bay:
- Use Your Cell Providers Text Alias Feature
Almost all major cell providers allow you to setup an Text Alias that you can use to receive texts. The texts still come to your phone and you can send texts, but anyone you text sees your alias instead of your actual number. You can then block incoming texts from your real number and give all your friends and family the alias you are using. Since scammers most likely won't guess your alias and can't look it up in a phone book, using an alias should cut down on the number of spam and smishing texts you receive.
- Enable the "block texts from the internet" feature if available from your cell provider
Most spammers and smishers send texts via an internet text relay service which helps hide their identity and also doesn't count against their text allowance (scammers are notoriously frugal). Many cell providers will let you turn on a feature that will block texts that come in from the internet. This is another easy way to cut down on spam and smishing e-mail