How to Identify and Address Texting Scams

Texts might make it convenient to communicate, but they’re a common medium for hackers to exploit others. Why are texts so dangerous, and what can you do about them? That’s what we’re covering today, including how you can detect and avoid these threats.

There’s Nothing Surprising About Phishing Texts

SMS-based phishing (or “smishing” if you’re into that sort of thing, that being abbreviations) use text messages as the method of attack in phishing schemes. They might look like communications from your bank or credit card company, fake shipping updates from Amazon, FedEx, or UPS, or even the government.

Here’s a quick list of some of the common smishing tactics you might see:

• Fraudulent messages from financial institutions, as mentioned
• Messages claiming you have won a contest that you never entered
• Alerts directly from government agencies or other authority figures
• Delivery notifications for packages you never ordered
• Credit card offers and promotions
• Texts asking for personal information or identity verification
• “Suspicious activity” alerts from your accounts
• Ads for sales and promotions at retail and restaurants
• Claims of payment issues

Can you remember the last time you didn’t have a package on the way, or when you weren’t receiving text messages? This is why it’s so easy and convenient for hackers to capitalize off of smishing attacks.

If you’re careful, you can tell what a smishing attack looks like and protect yourself, your family, and even your staff. For example, one of the throwaway signs is if you’re asked to confirm your identity through a link in a message rather than an authenticator app.

Why is Smishing So Dangerous?

Really, it all boils down to fear and a lack of awareness.

If you’re in the target’s shoes, wouldn’t you also fall for a hack if someone claims that there’s an issue with your bank account? You might impulsively click on a link without even thinking it through. This is what they’re counting on.

It doesn’t help that the hackers tend to adopt the identities of trusted entities, either.

Protect Yourself from Smishing

If you want to protect yourself from smishing, we have some tips to share:

Don’t Respond

As fun as it might seem to mess with the scammer, you should never respond to them under any circumstances… and make sure you don’t share any information, like ID numbers, private details, passwords, or access credentials. Again, you never want to click on any links or attachments in these messages, either.

Check the Legitimacy

Make a note of the phone number and cross-check who this number claims to be. If it doesn’t check out, then you know it’s a fake. Otherwise, it could be authentic.

Protect Your Device

Mobile operating systems will receive updates that keep them safe from security threats, so be sure to update yours frequently. More modern mobile operating systems will have systems in place that can block spam, but it doesn’t hurt to also have a dedicated mobile security application installed, too.

Implement Security Measures

With solutions like multi-factor authentication, filtering and spam protection, encryption, and audits, your business can minimize the threat of smishing and other security issues.

Educate Others

Make sure you’re telling your friends, relatives, coworkers, employees, everyone about how to avoid smishing attacks; this creates a safety bubble around you and your loved ones.

Reporting Smishing Attempts

You can report text-based phishing attacks by using a number designated by the Global System for Mobile communications (GSMA): 7726. Here’s how to do it on both Android and iOS.

Reporting Smishing on Android

• Very, very carefully, press and hold the offending message.
• Select the three-dot icon to access the menu.
• Select Forward and send it to 7726.

Reporting Smishing on iPhone

• Very, very carefully, press and hold the offending message.
• Select More and then the arrow at the bottom-right corner of the display.
• Forward the message to 7726.

How to Alert the FTC

If you would like to report an attack to the Federal Trade Commission, you can use this fraud reporting tool. They will then inform law enforcement so action can be taken, and you’ll also receive resources and best practices that can help you address the issue in the moment.

Share This with Everyone You Know

Did you learn something new about smishing? Spread the word by sharing this article with the people in your life so they can stay safe. For more tips, be sure to call us at 301-740-9955.