What Is a Smishing Scam and How to Stay Safe
The rise of smishing, the SMS version of phishing, has prompted state and federal agencies to issue warnings. Phishing is a cyber-attack aimed at tricking people into divulging personal information, typically via email. However, with the increasing accessibility of phone numbers, cyber-criminals have expanded their reach to text messages.
In January, the Federal Trade Commission (FTC) flagged a smishing scam targeting recipients with a message claiming an outstanding balance from a state road toll company. The scam attempts to trick individuals into revealing sensitive information by displaying a fake dollar amount and including a link to enter bank or credit card details. This not only risks stealing money but also exposes victims to identity theft.
Smishing can be particularly convincing, as scammers pose as FedEx carriers, banks, or other known entities. The nature of text messages makes them more intimate and prompt individuals to act quickly, increasing the likelihood of falling for scams.
"Text messages are more intimate, and you check them more quickly than emails, so people start falling for those scams," says Murat Kantarcioglu, a professor of computer science at Virginia Tech. This highlights the importance of vigilance when receiving suspicious messages.
How Smishing Works
Smishing occurs when cybercriminals seek to access private information about a person, such as their bank account password or birthday, to hack into sensitive accounts like phones or credit card accounts.
"Whenever you give your phone number to a company or organization, those phone numbers are sometimes sold [to others]," warns Kantarcioglu. This adds another layer of concern, as stolen and leaked information, including social security numbers, phone numbers, addresses, and more, can be used for malicious purposes.
Smishing may also occur on some social media apps, such as Signal and Whatsapp, further increasing the scope of potential vulnerabilities.
Protecting Yourself Against Smishing
Steer clear of any messages that appear suspicious. The FTC advises against clicking any links or responding to messages sent by unknown senders.
"The link that they sent may be vulnerable so that your phone may be hacked automatically," warns Kantarcioglu. In some cases, the message may lead you to a site where scammers want more information from you.
Instead of directly responding to a message posing as a bank or toll company, users should log in to their personal accounts on their own or contact the companies directly. When signing in, ensure you have clicked on a secure site and verify the authenticity of the website.
"I've seen some scammers [create] ads for fake variants of the website, like a fake toll company website," says Kantarcioglu. "You have to find the correct website for the organization."
Many phones allow users to directly delete and report the message as junk. The FTC suggests forwarding such messages to 7226 (SPAM) or blocking numbers and accounts that send these types of messages.
Reporting Smishing Scams
Smishing can also be reported to the IC3 internet crime complaint center at www.ic3.gov. It is essential to inform less tech-savvy loved ones about these types of scams, as they may be more vulnerable to falling prey.
"I think everyone should make it their mission to educate the older people in their family about these issues," says Kantarcioglu. "I'm trying to educate them, never answer the text messages or phone calls from anyone that you don't know."