The term “smishing” comes from combining “SMS” (short message services, or texting) and “phishing”. Typically when cybercriminals “phish” they send you fraudulent emails trying to trick the recipient into opening malicious links or malware. Smishing simply uses text messages instead of email.
Many popular ‘smishing’ scams right now revolves around using COVID-19 stimulus information or vaccination alerts to trick recipients into enrolling in fake programs and giving away their personal information.
According to the Federal Trade Commission, there's been more than $348 million
in COVID-related fraud loss since the start of the pandemic, with roughly $30 million of that coming through text and phone call scams.
If you get any suspicious messages revolving around COVID relief programs, tax returns, or vaccination centers, you should look at the content of the message and think through before clicking on any link.
> Warning Signs
- A text message requests personal information, such as your Social Security number or an online account password.
- The message asks you to click a link to resolve a problem, win a prize or access a service.
- The message claims to be from a government agency. Government bodies almost never initiate contact with someone by phone or text, according to the FCC.
- The text offers coronavirus-related testing, treatment or financial aid, or requests personal data for contact tracing.
You should also block the number of the scammers, copy the text and forward it to 7726, which spells SPAM. All the operators in the U.S. use that short code to block attacks and leverage submitted information to put in filters to block those attacks.
> What to Do:
- DO contact the company or organization that supposedly sent the text, using a phone number or website you know to be legitimate, if you think it might concern a genuine problem.
- DO forward spam and scam texts to 7726 (SPAM), the spam reporting service run by the mobile industry. This sends the text to your carrier so it can investigate.
- DO consider using tools that filter or block unwanted messages or unknown senders:
- Your mobile device may have built-in spam protection. Check the settings on its messaging app.
- Most major wireless carriers offer call-blocking services.
- Some call-blocking apps also filter out junk texts.
> What NOT to Do:
DON'T provide personal or financial data in response to an unsolicited text or at a website the message links to.
- DON'T click on links in suspicious texts. They could install malware on your device or take you to a site that does the same.
- DON'T reply, even if the message says you can “text STOP” to avoid more messages. That tells the scammer or spammer your number is active and can be sold to other bad actors.
- DON'T assume a text is legitimate because it comes from a familiar phone number or area code. Spammers use caller ID spoofing to make it appear the text is from a trusted or local source.
President/CEO, D.E. Web Works