[ALERT] Have You Been Smished?

Category: Mobile , Security

Spammers and scammers are endlessly adaptable, switching to new attack vectors as rapidly as users catch on to old ones. One of the “new” vectors is actually many years old, but it’s achieving some prominence now as mobile phones have become nearly ubiquitous and users have raised their guards against email phishing scams. Read on for the scoop, and how to protect yourself from “smishing” attacks...

What is Smishing?

“Smishing” stands for “SMS phishing.” It’s a social-engineering technique that relies on text messages to dupe users into taking actions that reveal their sensitive personal information, or lure them to a rogue website that will trick them into handing over a credit card, or sneakily infect their phones with malware.

A smishing message includes the usual elements of a scam: the false appearance of a trusted sender; a message designed to grab your attention; and an urgent call to action that promises a reward or a solution to a problem. You’ll have much bigger, real problems if you perform the suggested action.

The action requested may be a voice phone call to “account services” at your bank, Amazon, or another large company that most people know and trust. It may be a demand that you visit a website via a link provided in the message. Less often, it’s a request for a reply that leads to a text message dialogue with a scammer, or an automated bot that seems to be a person.

What is smishing?

Whatever the action is, it leads to subtle requests for more and more information: Social Security Numbers, addresses, credit/debit card info, login credentials, etc. These are things that no legitimate company will ever ask you to provide or “verify” via text message, email, or over the phone.

Smishing has been around for many years, but recently there has been a surge of smishing attacks that has security experts sounding the alarm more loudly. There are several reasons why smishing is a growing threat:

Why is Smishing a Growing Concern?

This is a good time to remind AskBob readers about the importance of Two-Factor Authentication, or 2FA for short. It sounds geeky, but it's actually a simple tool that can protect you even if a hacker steals all your passwords. See my article What is Two-Factor Authentication? for details on that. And while we're on the subject, see my 5-Point Tuneup For Hacker Defenses.

The response rate of email phishing has fallen considerably, as more users become aware of the telltale signs of phishing and refuse to take the bait. But many people still trust their phones, and are unaware of the techniques that scammers can use. Another factor is that people are often distracted and on the move when they receive a text, and may respond without thinking.

A smishing message might include a warning purportedly from your bank, informing you of an unauthorized purchase, or some other company telling you that your account was frozen due to fraudulent activity. Another common one is the "You just won a prize (or gift card)" message. These scams may encourage you to call a phone number. Don't -- instead call the company (with a phone number you know is correct) and report the message to their security department. Or just chuckle, and delete it.

Recently, text messages that appear to be from FedEx include a tracking number and a request to "set up delivery preferences" for a package that's en route. Of course there's a link to click, which takes the unsuspecting to a page that (drumroll, please...) informs them that they've won a fabulous prize! All you have to do is complete a survey, and pony up your credit card to cover the shipping fee. That's where things get worse.

FedEx does offer customers the option to sign up for text message alerts about packages they have sent or received. That's why this particular smishing scam has credibility at first glance.

The cost of sending smishing messages is virtually zero, allowing more bad actors to get into the smishing game with ever-higher volumes of bogus messages. Some bad guys run SMS servers that they rent out to other bad guys, making smishing attacks as easy as writing a bogus message and clicking on a few options. These scam-as-a-service operators even provide bogus websites that look very much like those of familiar banks and other trusted companies.

There are no apps that detect smishing messages effectively. It’s incumbent upon you to know the telltale signs of a scam and just refuse to go along with it. Never call a phone number in a text that purports to be your bank’s. Never click on a shortened URL in a text message; you have no idea where it will lead. Keep your mental guard up at all times.

If you're not sure who the sender of a text message is, my advice is to delete it and move on. Have you ever gotten a suspicious text message, or one that was just spam? Your thoughts on this topic are welcome. Post a comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 28 Jan 2020

For Fun: Buy Bob a Snickers.

Prev Article:
Help, My Friends Think I'm a Spammer

The Top Twenty
Next Article:
Geekly Update - 29 January 2020

Most recent comments on "[ALERT] Have You Been Smished?"

Posted by:

28 Jan 2020

oddly, I got a phone call on my hard-wired land-line yesterday at 8 am, asking if I lived at [my address] and [my ZIP code]. nothing else was asked, and a little while later a package materialized at my door (!)

Posted by:

28 Jan 2020

Last year a friend and I were having coffee when she got a text from her bank that someone had tried to access her credit card, and it gave a link for more info. Being the "don't trust anyone" person I am, I stopped her from clicking on it. Further scrutiny showed that the link was to a bastardized version of the bank's Web address. She was spooked and went across the street to her bank, confirming that they had never sent anything about that to her. I've since received a couple myself.

Posted by:

Sarah L
28 Jan 2020

I have kept my land line and give that number out to most businesses. That way they have nowhere to send a text. I like reserving texts for people I want to hear from.

Posted by:

Paul R
28 Jan 2020

For over the past year my SCAM volume has increased dramatically. Thankfully there is 'delete all" button on my scam file to make it simple to get rid of them. However, I usually take a minute to scan the list for possible real emails. I am glad Internet Servers have given me a quick way out.

Posted by:

28 Jan 2020

Hey Bob, amazing coincidence, I also got 3 different texts with that same exact FEDEX tracking code as you! The scammers aren't creative enough to even change the code.

Posted by:

Tom McGranahan
29 Jan 2020

I had a call about a large charge on my 'Amazon Account' The only way it could be corrected was if the caller could get into my computer remotely.
I declined!

Posted by:

Denise W
29 Jan 2020

Several years ago I received a text message which began, "Walter, we've got .... blah blah blah." Since it was personalized, I stupidly replied to them, telling them they had the wrong number. Once I realized what was going on, I blocked the number - and they used a different one instead. Over the years they've used all combinations of bogus phone numbers, and now email addresses that can't be blocked, 5-digit numbers (e.g. 210-88). And every one of them starts by calling me Walter. Invites for sex, for cash prizes, for plumbing services (?!), week after week, month after month, year after year. I used to report the texts to AT&T's spam message service, now all I do is select and delete because that didn't accomplish anything. So aggravating, but I refuse to give up this cell number...not yet, anyway.

Posted by:

Ron L
29 Jan 2020

Every day I receive many Emails that go directly to my Spam folder. All have strange sender names which consists of a bunch of letters that mean nothing to me. I click on delete all button and they are gone. Who filters these? I use AOL Desktop Gold and Windows 10.

Posted by:

29 Jan 2020

Does this happen in Facebook Messenger as well as SMS texts?

Posted by:

04 Feb 2020

Recent text messages from Amazon to confirm my shipping options. Also to click the link to do so. I always have a large package that needs to be confirmed. These people are so stupid. Do they really think that people cannot remember what they have ordered?

Posted by:

04 Feb 2020

Yes, it has happened to me. One of them started out with the sentence: THIS IS NOT A SCAM".
That has been the funniest one for me.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy     RSS/XML

Article information: AskBobRankin -- [ALERT] Have You Been Smished? (Posted: 28 Jan 2020)
Source: https://askbobrankin.com/alert_have_you_been_smished.html
Copyright © 2005 - Bob Rankin - All Rights Reserved