Cybercriminals are always adapting to create new ways to “phish” for your personal information. When tried-and-true methods get a little too easy to spot, they shift their approach. Since text messages usually come from trusted friends, family or companies, texting can be an effective method to execute a variety of scams.
What is smishing?
Smishing, or SMS phishing, consists of a cybercriminal sending you text messages in an attempt to convince you to reveal sensitive information like usernames, passwords, one-time passcodes or debit and credit card numbers. These messages may seem to be coming from a stranger or from a reputable company, organization or person. Often, these criminals try to steal your data or money by tricking you into clicking a link, or revealing personal details or login information.
Read more: Suspect you’re being targeted by a cybercriminal? Here's how to report it.
Watch for these smishing tactics
A common approach in smishing scams is to capture your attention and concern with time-sensitive alerts, creating a sense of urgency in an attempt to overcome your better judgment. These could include notifications of unpaid bills, alerts about access to private bank accounts, unauthorized transactions on your account or supposed payment invoices requiring your review.
If you use your personal cell phone for work, you may need to be especially vigilant. Attackers may contact you under the pretense of a business opportunity or request from your superior at work. These requests can be harder to ignore, as the requester may know information about your job title, line of work or coworkers names — all of which are commonly available online — that make them seem more trustworthy.
Stop smishing in its tracks
You can help readily protect yourself against smishing scams by remembering to:
1. Beware of payment requests
Ask yourself if it’s typical for this company, service or person to send you a text message. If you didn’t sign up for alerts or they aren’t in your contacts, think twice.
2. Pause before responding
If you’re in a rush, you could miss the potential warning signs of a cyberattack. Even if a scam text requests you take action, it can be best to wait before texting back.
Trust your gut if something seems off or if you have any doubts about who sent the text.
3. Look closely at the text
Be sure to confirm the details, as mistakes in a text message can alert you to a fraud attempt. Common signs include the sender not having the correct amount of digits in their number, words being misspelled or the link URL not matching the alleged source of the text.
4. Do not respond
Trust your gut if something seems off or if you have any doubts about who sent the text. Often, the best approach is to ignore it. Any engagement, even a question or irrelevant response, can demonstrate to cybercriminals that you are a more desirable target. If you’re worried about the contents of the message, move on and confirm its validity in other ways.
5. Fact-check separately
If the text appears legitimate but you still aren’t 100% sure, try to verify its authenticity. Research the alleged sender to find their website and contact information as opposed to responding to the suspicious text. Or log in to your related account to view your payment status. Always be cautious, double-check requests and use these tips when handling suspicious messages.
Keep tabs on these red flags
Smishing scams can take a number of subtle approaches and are often difficult to detect, even if you feel well-equipped to spot them. If you receive a text message related to one of the following topics, stay alert:
Investment opportunities, especially for cryptocurrency
Romance scams
Spoofed phone numbers
Fake two-factor authorization confirmations
Giveaways, rewards or prize offers
Invoices or order confirmations for purchases you didn’t make
Stay one step ahead
Cybercriminals often switch up their strategies, but you can spot their newest tactics by remaining attentive, verifying the details and staying informed.
Helping you maintain the security of your personal and financial information is one of our top priorities. For other ways to enhance your online safety, visit our Security Center.