In recent years, cyber criminals have increasingly turned to SMS as a means of distributing phishing scams.
Dubbed SMiShing ( SMS Phishing), this tactic offers criminals a quick and easy method of reaching potential victims.
SMiShing Scam Messages May Not Immediately Raise Suspicion
While many Internet users may have now learned to recognize more traditional email-based phishing scams, SMS based phishing scams may not raise their suspicions as rapidly. There may be a tendency to be more trusting of text messages because, in the past, the platform has not been as commonly targeted by criminals as email.
And, banks, companies, and government departments now more commonly use SMS to communicate with clients. So an SMS that looks like it was sent by your bank, an online service provider, or a government entity might not be unexpected.
Moreover, unlike an official email, you would not expect such an SMS to include logos, company colour schemes, and secondary links.
So, for example, a brief but ‘urgent” text message that names your bank and claims that your account has been disabled may not immediately raise any red flags.
SMiShing Scams Prompt You to Call or Click
Some SMiShing scam messages contain a link to a fake website just like email phishing scams do. Once on the fake site, you will be prompted to enter your account username and password and then supply your personal and financial information.
Other versions prompt you to call a number to deal with the supposed account problem. If you call, you will connect directly to a criminal posing as a company staff member. The criminal will ask for credit card numbers and a large amount of other personal and financial information, ostensibly as a means of proving your identity and rectifying the supposed account problem.
Once you have submitted the requested information on the fake website or via a phone conversation with a scammer, criminals can hijack your account, commit credit card fraud, and attempt to steal your identity.
SMiShing Scammers Use a Range of Bogus Cover Stories
The scam SMS messages use a variety of tactics to panic you into clicking or calling.
As noted, they may claim that your account has been disabled. Or, they may claim that, due to a suspected account breach, you must urgently verify your information. Or they may claim that a recent transaction has failed and you need to provide more details so that the transaction can proceed.
The message may even claim to be from your tax department and urge you to click or call to obtain an unexpected refund or deal with a supposedly overdue tax return.
These are just a few examples of the cover stories used by SMiShing scammers. There may be many more. But, as a rule of thumb, be wary of an SMS message that urges you to click or call to deal with an account problem, update account details, or process a transaction.
Don’t Click or Call — Verify the Claim in the Message By Other Means
If you receive an SMS like one of those described above, do not click or call. Rather than clicking a link in the SMS, open your browser or app and access the account in the way you would normally do so. If there s a problem, you likely see a notification about after you have logged into your account.
If prompted to call, do not call the number provided. Instead, find a number from an official document, directory, or website and call back. If the issue described in the text message is real, you will thus still be able to deal with it.