Smishing – Phishing through Text Messages
January 11th, 2022
Text message or SMS fraud, also known as “smishing,” is when fraudsters send unsolicited text messages to an individual for the purpose of obtaining the victim’s banking, passwords or other sensitive information – and is on the rise.
With spoofing technology, it appears the fraudulent texts and phone calls are coming directly from a known source. The goal is to get the victim to respond.
HOW TO IDENTIFY A THREAT:
Banking Focused Smishing: The victim receives a text message alerting them of a suspicious transaction that was attempted on their account with instructions to reply via a link or phone number to validate the legitimacy of the transaction. The goal is to get the victim to respond (in some cases the fraudster initiates a follow-up phone call), where the impersonator then requests the victim to provide their account number or online banking credentials to validate their identity. With this information, the fraudster can clear out the victim’s account.
System Vulnerability Smishing: The victim receives a text message alerting them of unsecured websites in their browser history, or a recent scan of their mobile device shows that there are viruses on their device.
Example: “Your browsing history showed visits to unsecured websites. You now have (3) virus on your device. Clean your phone ASAP”
Gift Card Purchase Smishing: The victim receives a text message requesting them to purchase gift cards on their behalf. The text appears to be from a legitimate source, such as a friend, family member, or management personnel from their place of business.
Example: “I am on a conference call and I need you to complete an urgent task. Can you buy a dozen Apple gift cards for me?”
HOW TO PROTECT AGAINST THIS THREAT:
Never respond to a link within a text.
Save a copy of your bank’s phone number as one of your contacts to make it easier to identify and reach out to verify the validity of the inquiry.
Use a different password for every online account.
Get into the habit of updating your passwords and when possible, enable multi-factor authentication.
HOW TO REPORT AN INCIDENT:
Should you receive a fraudulent text message,
Report it directly to the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center at https://www.ic3.gov/
Block the caller/sender’s number from your phone
Delete the text
Do your part - #BeCyberSmart