Yes, That Text is Probably a Scam… Here’s How to Deal with It

Text messages are great. They’re a quick and effective means for us all to communicate. 

Unfortunately, this does bring some downsides, too… namely, they’re a relatively simple means for a scammer to spread their attacks. Let’s discuss why this is so dangerous and how you can identify and avoid these threats.

Phishing Email Attacks Target Us Where We Are, So Is It a Surprise We Get Phishing Texts?

SMS-based phishing, AKA “smishing,” uses text messages as the medium of choice to send a phishing attack. These smishing texts can take numerous forms, from classic phishing attempts like fraudulent communications from “your bank,” fake shipping updates from services like FedEx and UPS, or other such parties, to alerts from government agencies and contests.

A more comprehensive list of common smishing tactics is as follows:

• Fraudulent messages from financial institutions, as mentioned
• Messages claiming you have won a contest that you never entered
• Alerts directly from government agencies or other authority figures
• Delivery notifications for packages you never ordered
• Credit card offers and promotions
• Texts asking for personal information or identity verification
• “Suspicious activity” alerts from your accounts
• Ads for sales and promotions at retail and restaurants
• Claims of payment issues

In a world where most people almost always have a delivery on the way, and are often engaged with the world via text message, many of us can be vulnerable to these types of attacks.

Just as with any scam, a bit of precaution and knowing what to look for will help you, your family, friends, and your team members recognize when a text message is a smishing attack. For instance, if you are asked to confirm your identity or access a link in the message, the message is likely a threat.

Smishing’s Strength Comes from Fear and a Lack of Awareness

Unfortunately, it makes sense that smishing can be so effective. Put yourself in a target’s shoes momentarily: you suddenly get a message that claims there’s some issue with your bank account. Without the forethought that it could be a scam, that suddenly becomes a very high-stress situation for you… not exactly the ideal conditions for rational thought.

Pair that with the tendency for trusted entities to be used as a front, and it is suddenly a lot harder for the average person to catch them.

How to Keep Yourself Safe from Smishing

There are a few steps that you should take with every suspicious message (and before you ever encounter one):

Do NOT Respond
Never answer one of these text messages directly, and never provide any sensitive or personal information… such as identification numbers, private details, passwords, or access credentials. Furthermore, never click any links or attachments sent with one of these messages.

Check Its Legitimacy
Take note of the phone number used and who the message is supposedly from. Go back and check with the purported sender directly—through a different means of communication, of course—to see if the message was, in fact, authentic.

Keep Your Device Secure
Mobile operating systems are regularly updated with added protections to keep scams to a minimum, so keeping up with these updates will only help reduce the security issues you may face. Modern mobile operating systems also commonly feature spam filtering capabilities. It also helps to install a dedicated mobile security application.

Adopt Security Measures
Various protections—multi-factor authentication, filtering and spam protection, encryption, and regular audits—can help keep smishing and other threats to a minimum for a business that adopts them.

Educate Those Around You
Whether you’re surrounded by friends, relatives, coworkers, or employees, don’t be shy about sharing these tips with them to create a bubble of improved security in your circles.

How to Report Smishing Attempts

If you do receive a text-based phishing attempt, it can also help to report it as such. The Global System for Mobile Communications—or GSMA—has an established number for users to send the contents of these attacks to… 7726.

Reporting Smishing on Android

• Very, very carefully, press and hold the offending message.
• Select the three-dot icon to access the menu.
• Select Forward and send it to 7726.

Reporting Smishing on iPhone

• Very, very carefully, press and hold the offending message.
• Select More and then the arrow at the bottom-right corner of the display.
• Forward the message to 7726.

Alert the FTC

It also helps to report these attacks to the Federal Trade Commission. The agency provides a fraud reporting tool that you should fill out so they can inform law enforcement to help stop these attacks. You’ll then be provided with best practices to follow.

We Recommend Sharing This Information with Everyone You Know

The more people that know about this threat, the better, because that means more and more people will be more resilient against them. We’re here to help businesses promote this awareness amongst their ranks and provide the tools to secure their operations better. If you’re interested in learning more about what we offer, call us at (774) 213-9701.