What is SMiShing?
SMiShing, (also known as SMS phishing) is a scam where a link is sent to a user via text message to do any of the following:
- Steal private information (tax ids, bank information, social security numbers)
- Install viruses and malware to track your phone usage and logins.
Smishing has only been around since 2008, but it is on the rise: you are seven times more likely to receive a smishing text than email spam. What is more disturbing is that users are three times more likely to respond to a smishing text than a phishing email. Smashing can appear in texting apps as well as your text messages.
How does Smishing work?
A scammer will send you a text with a URL and encourage you to tap the link while claiming to be a government agency, a bank, or a reputable company. Typical smishing texts are about your financial accounts being compromised and to contact their number or use the link to send them your personal information. Sometimes, scammers will “spoof”, or use a phone number of someone you may know to make a text look like it is coming from them. If you see a strange text from a friend, call your friend back to see if they actually sent the message.
Is Smishing like email phishing?
The messages and tactics are similar to email phishing: spoofing as a bank to alert you that your account is compromised, the IRS sending you a message that your tax return is overdue, a store sending you a deal or offer, or a prized company claiming you have won and need to go to a URL to redeem it. Like email phishing, the goal of a smishing scammer is to obtain your personal information or install viruses on your device. Since email providers are getting smarter at detecting phishing accounts and shutting them down, scammers are moving to the new, less secure terrain of SMS on mobile. As we have discussed in previous posts, mobile devices have suffered from serious security vulnerabilities, as the mobile technology boom has not caught up with security measures, unlike computers.
How can I prevent being Smashed?
Any time you receive a text alert that your account has been compromised or the IRS is alerting you about a return, always call the agencies directly or login to their website directly through a browser app to confirm your account. Never tap a link in a text message if you suspect it is spam. Any banks that you use will only send SMS alerts if you explicitly authorize them, and they will never ask for your account information via text. The IRS nor any government agency will ever contact you via text. As for preventing any smishing texts from being sent to you, like email phishing, it is impossible to stop from receiving any spam texts in the first place, but you can take actions to prevent yourself from giving personal information:
What do I do if I suspect a text is a spam or Smishing?
- DO NOT call the number or reply to the text
- DO NOT reply with “STOP” or “NO”, this will only confirm to the scammers that your number is active
- DO forward the smishing text to 7726, which spells out “SPAM.” This will tell your carrier to block the number from future texts.
- DO when in doubt, delete the message.