What is Smishing and how can you prevent it?
Attempts to defraud consumers are nothing new. What continues to change are the methods scammers use.
In 2019, the Federal Trade Commission's Consumer Sentinel Network received 2.2 million fraud reports. The FTC has found that consumers are being targeted the most on cell phones. Smishing is one of the mobile-phone-based scams to watch out for, and you may even have experienced an attempt recently.
What is smishing?
Smishing, put simply, is a scam attack using the SMS communications feature on your cell phone. These attempts may include text messages asking for money or personal details that could be used to access secured accounts.
What is so challenging about these attacks is that scammers may use information and details related to familiar and trusted organizations that you know, like, and trust.
Here are a few examples of smishing attacks:
- Urgent request asking to verify an account number and sometimes a password.
- Notification that you've won a prize or have a package, but to claim it, you must click on a link.
- A text message requesting that you quickly verify or provide personal details that you would otherwise submit via the institution's web portal.
What's so frustrating about smishing attacks is they range in scope and creativity. These attacks also tend to mimic your legitimate interactions with organizations.
What to do if you suspect you're being targeted?
Here are a few best practices that will help prevent you from accidentally falling for a smishing attack:
- Avoid reacting to an urgent request that's outside of what you usually experience in communications from an organization.
- If you receive a message about a package, first consider whether you really have a package scheduled for delivery. If you do, double-check the package shipping details via your order confirmation instead of clicking on links.
- Pay attention to the details. If the phone number that you received the message from is different from a typical phone number, do not return the call.
- If you receive an incoming text asking for information and you think it could be legitimate, contact the organization as you have in the past via phone, app, or website (versus responding to the text or answering an incoming call).
- Most importantly — Trust your gut, if something feels wrong it likely is. But pause and take a deep breath before taking action. Smishing attacks and other fraudulent requests focus on triggering a fear response in the recipient of the message.
Ask yourself the following questions before acting:
- Does this request make sense?
- Do you even have the product or service the text is referring to?
- Does the contact information they've shared with you look legitimate?
Fortunately, a number of these attacks are being documented and shared online. A quick Google search may help you quickly identify common smishing schemes. Type in the information request that you received and see if other people have reported similar requests for information. Pay attention to what other consumers are reporting about their experiences through websites like the Federal Trade Commission and Better Business Bureau’s Scam Tracker.
How to avoid smishing attacks?
Ultimately, it's important for consumers to be on the lookout for smishing attacks and understand the value of the information that these attackers are seeking.
- Take time to understand the security protocols for the different organizations that you do business with. Banks, credit cards and other financial products almost always have at least three separate steps that customers must take to verify who they are.
- Double-check your cell phone's security settings and make sure that they are on. Some cell phone service providers will block incoming spam messages via SMS, text, or even incoming calls that your service considers spam.
If you're unclear about how to engage safely with organizations you do business with, call them to clarify how or if they would make requests for sensitive information.
Unfortunately, smishing attacks are unlikely to go away. With that reality in mind, you need to be proactive about protecting yourself from the various types of digital fraud you may encounter. Create best practices to avoid falling for smishing attacks and other online scams that can compromise your personal and financial information.