USA TODAY International Edition
‘ Smishing’ scammers target text messages
Similar to ‘ phishing,’ there are ways to protect yourself
While the name of this growing threat might sound funny, being a victim of it is no joke.
Similar to a “phishing” scam — where computer users receive an authentic- looking email that appears to be from their bank, Internet Service Provider ( ISP), favorite store or other organization — “smishing” messages are sent to you via SMS ( text message) on your mobile phone.
What does the sender want? To defraud you.
“Criminals like smishing because users tend to trust text messages, as opposed to email, of which many people are more suspicious, due to phishing attacks,” says Stephen Cobb, a security researcher at ESET, a global cybersecurity company.
Cybercriminals are trying to lure you into providing information — such as a login name, password or credit card info — by tapping on a link that takes you to a website.
Here they can get enough info to steal your identity. Or you might be asked to answer questions via text message or are advised to call a phone number.
In some cases, you’ll receive a text message with a sense of urgency: “Dear customer, Bank of America needs you to verify your PIN number immediately to confirm you’re the proper account holder. Some accounts have been breached. We urgently ask you to protect yourself by confirming your info here.”
Sometimes, scammers try to capitalize on something timely, like tax filing season: “IRS Notice: Tax Return File Overdue! Click here to enter your information to prevent being prosecuted.”
Or, perhaps, it will come in the form of a more personal note: “Beautiful weekend coming up. Wanna go out? Sophie gave me your number. Check out my profile here: ( URL)”
Or, you might fall for a smishing scam if you think you can win something: “Your entry last month has WON. Congratulations! Go to ( URL) and enter your winning code — 1122 — to claim your $ 1,000 Best Buy gift card!”
You can fight smishing a few ways:
If you get a suspicious looking text ( or email) on your phone and it asks you to urgently confirm information, it’s not coming from a legitimate institution. Your bank, financial institution, ISP or favorite online retailer will never ask for sensitive info this way. When in doubt, contact the company yourself. Though you might be tempted to hit Reply and tell them to leave you alone, you’re only confirming your phone number is valid, which might invite even more scams.
Anti-malware (“malicious software”) software exists for mobile devices, many of which can detect and stop a smishing attempt. This serves as an extra line of defense from these malicious types, but you must still exercise common sense.
On a related note, be sure to always update your smartphone’s operating system to the latest version.
Look for suspicious charges on your monthly phone bill. Resist entering contests that ask you to provide your mobile number. Similarly, don’t post your mobile phone number on social media or other public forums.
When mobile shopping, stick with reputable retailers.