You know about the dangers of phishing, the illegal practice of sending emails with the intention of tricking you into giving up your personal data. Related to phishing (a play on the word fishing), is the equally dangerous tactic of smishing, which involves the same type of message, but delivered via text to your phone. The word smishing comes from combining SMS or short message service, with fishing. Unfortunately, smishing has become a popular form of attack, along with phishing, but consumers are less likely to suspect a text.
Like with phishing, there are ways to protect yourself, and the first one is to be aware that an unsolicited text can be as dangerous as a suspicious email. Here are some ways to spot a smishing scam and what you should do if you receive one.
Smishers rely on your quick reaction to a text message that may appear as if it comes from a source of authority such as your bank or a government office. You’ll see phrases such as “reply now” to create a sense of urgency. Some may also contain a threat such as “legal action will be taken unless you respond now.” Smishers are relying on prompting panic, so that you do not question the message, but don’t fall for this tactic.
Not all messages are threatening. Instead, a text may ask you to download a new app from your bank by clicking a link. The link may take you to a page that looks legitimate. At this point, you may be asked to confirm details such as your banking login credentials or other sensitive account information, and if you type those in you will have handed over the data to criminals who can then access your account or set up fraudulent accounts in your name. The same is true for congratulatory emails announcing you have won something in a contest you never entered and texts saying you have money available that can be added to your phone’s digital wallet with a link to collect the funds. In all of these cases, you should swipe to delete.
Now that you are aware of the problem, you can approach smishing in much the same way as you guard against phishing. Do not reply to texts from people you don’t know. This is especially true when the SMS comes from a phone number that doesn’t look like a phone number, such as “5000” phone number. This is a sign that the text message is actually just an email sent to a phone.
Don’t click on links you get on your phone, unless you’re absolutely sure they are from a friend. Phone numbers can be hacked, so unless you’re in mid-conversation, it’s best to avoid clicking on any links in a text.
Never install apps from text messages. In fact, any app you install on your phone should be downloaded only from the App Store or Google Play, and then, only after you’ve vetted it thoroughly. An app should be used by many people and include favorable reviews, which are listed in both stores.
If you receive a suspicious text or merely one that is unsolicited and contains the instructions to type “Stop” if you don’t want to continue receiving texts from the sender, don’t do it. By texting “Stop” you are telling the sender that your number is active, and you will surely continue receiving texts from this sender and possibly others as your number may be shared. This is the same situation as spam emails: if you “unsubscribe” to spammers, you’re giving the greenlight for more spam.
Keep your phone’s operating system up to date to ensure you have the latest security updates from the software manufacturer. You’ll see an alert in your phone’s settings when an update is available, so check regularly. However, we’ve seen some buggy updates, so it’s often a good idea to wait a week or so if you see reports of problems with a major update, which will give time for a debugged follow-up to be released.
Suspicious texts may be reported to the Federal Trade Commission online at https://www.ftccomplaintassistant.gov/. Select Robocalls, Unwanted Telemarketing, Text or SPAM from the menu and follow the steps. Your submission may be helpful in fighting this growing problem.