[ALERT] Smishing Scams On The Rise

Category: Mobile , Security

Scammers and other cyber-crooks are endlessly adaptable, switching to new attack vectors as rapidly as users catch on to old ones. One of the “new” vectors is actually many years old, but it’s achieving some prominence now as mobile phones have become nearly ubiquitous and users have raised their guards against email phishing scams. Read on for the scoop, and how to protect yourself from “smishing” attacks...

What is Smishing?

“Smishing” stands for “SMS phishing.” It’s a social-engineering technique that relies on text messages to dupe users into taking actions that reveal their sensitive personal information, or lure them to a rogue website that will trick them into handing over a credit card, or sneakily infect their phones with malware.

A smishing message includes the usual elements of a scam: the false appearance of a trusted sender; a message designed to grab your attention; and an urgent call to action that promises a reward or a solution to a problem. You’ll have much bigger, real problems if you perform the suggested action.

The action requested may be a voice phone call to “account services” at your bank, Amazon, or another large company that most people know and trust. It may be a demand that you visit a website via a link provided in the message. Less often, it’s a request for a reply that leads to a text message dialogue with a scammer, or an automated bot that seems to be a person.

What is smishing?

Whatever the action is, it leads to subtle requests for more and more information: Social Security Numbers, addresses, credit/debit card info, login credentials, etc. These are things that no legitimate company will ever ask you to provide or “verify” via text message, email, or over the phone.

Smishing has been around for many years, but recently there has been a surge of smishing attacks that has security experts sounding the alarm more loudly. Robokiller's 2021 Phone Scam Insights report notes that almost 88 billion fraudulent texts were sent in 2021, and cost consumers a staggering $10 billion in losses.

Why is Smishing a Growing Concern?

This is a good time to remind AskBob readers about the importance of Two-Factor Authentication, or 2FA for short. It sounds geeky, but it's actually a simple tool that can protect you even if a hacker steals all your passwords. See my article Protect Your Accounts with an Authenticator App for details on that. And while we're on the subject, see my Seven Point Tuneup For Hacker Defenses.

The response rate of email phishing has fallen considerably, as more users become aware of the telltale signs of phishing and refuse to take the bait. But many people still trust their phones, and are unaware of the techniques that scammers can use. Another factor is that people are often distracted and on the move when they receive a text, and may respond without thinking.

A smishing message might include a warning purportedly from your bank, informing you of an unauthorized purchase, or some other company telling you that your account was frozen due to fraudulent activity. Another common one is the "You just won a prize (or gift card)" message. These scams may encourage you to call a phone number. Don't -- instead call the company (with a phone number you know is correct) and report the message to their security department. Or just chuckle, and delete it.

Bogus text messages that appear to be from FedEx include a tracking number and a request to "set up delivery preferences" for a package that's en route. Of course there's a link to click, which takes the unsuspecting to a page that (drumroll, please...) informs them that they've won a fabulous prize! All you have to do is complete a survey, and pony up your credit card to cover the shipping fee. That's where things get worse.

FedEx does offer customers the option to sign up for text message alerts about packages they have sent or received. That's why this particular smishing scam has credibility at first glance. Recently I've gotten a couple of texts purporting to alert me to high-dollar purchases on Amazon, and advising me to click a link to confirm. It was easy enough to check my Amazon account to see that no such purchase was made.

The cost of sending smishing messages is virtually zero, allowing more bad actors to get into the smishing game with ever-higher volumes of bogus messages. Some bad guys run SMS servers that they rent out to other bad guys, making smishing attacks as easy as writing a bogus message and clicking on a few options. These scam-as-a-service operators even provide bogus websites that look very much like those of familiar banks and other trusted companies.

There are no apps that detect smishing messages effectively. It’s incumbent upon you to know the telltale signs of a scam and just refuse to go along with it. Never call a phone number in a text that purports to be your bank’s. Never click on a shortened URL in a text message; you have no idea where it will lead. Keep your mental guard up at all times.

If you're not sure who the sender of a text message is, my advice is to delete it and move on. Have you ever gotten a suspicious text message, or one that was just spam? Your thoughts on this topic are welcome. Post a comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 15 Jul 2022

For Fun: Buy Bob a Snickers.

Prev Article:
Hard Drive Partitioning Myths, Mistakes, and My Advice...

The Top Twenty
Next Article:
How Private Is Your Inbox?

Most recent comments on "[ALERT] Smishing Scams On The Rise"

Posted by:

15 Jul 2022

Yes often! Your Amazon account has just been charged . . .(usually one small item, and one very expensive one), your credit card has just been charged . . . Congratulations you have won a new BMW, and $450,000. I'm old, but not falling for that. Like Bob says, easy to check your account directly if you feel the need to.

Posted by:

Ernest N. Wilcox Jr.
15 Jul 2022

If you have not already done this, here is one setting on my Android phone that may help protect against smishing:

Open the Messages app
touch the 3-dot menu > Settings > Spam protection > Enable spam protection.

On my phone with Android 11, I touch the 3-dot menu, then settings, then block numbers and spam, I make sure Caller ID and spam protection is turned 'on'.

I wish there were a way to block all incoming messages and calls from senders/callers who are not in my contacts list, because that would definitely protect me from this sort of threat, especially since I don't have any need to receive calls/messages on my mobile phone from anyone else.


Posted by:

15 Jul 2022

Only 1 that I owed money to the IRS , well, the dutch equivalent. In case wouldn't pay thay would send debt collectors to my house. Crazy

Posted by:

Cold City
15 Jul 2022

I did get a few phone calls on my old land line saying you have made a large purchase on Amazon.
I knew it was not the case since I gat an email for each and every transactions made on all of my accounts. One woman was trapped by a phone call claiming to be from the Canadian Mounted Police, the shown number was the real one. So scammers can even forge false numbers being shown on the caller id land line phone.

Posted by:

Jay R
15 Jul 2022

If I get an email or SMS or anything else that is appealing to my greed I chunk it unlss I am concerned to the point of wanting to speak to the business. I call the business with my phone. So far, no body has reeled me in.

Posted by:

15 Jul 2022

I used to never get these, I have lots of protections on my iPhone, T-Mobile's ScamShield actually gets most. When one does get through they are easy to see. I copy the message, send it to T-Mobile's spam address, then block the number and delete the text.

The funny ones are those that say my debit card has been placed on hold - from banks I've never had an account with. Of late, I have been getting ones that just say "hi" from odd area codes. Always someone who says their friend gave them the wrong number, I've asked a couple if they have friends in my area code? No. Then they ask if I'd like to be friends anyway. Copy, report, block and delete. Scum of the earth these fools.

Posted by:

Judy Means
15 Jul 2022

It has taken me a couple of months to get control of my email Gmail account. I was getting 30-50 of those fraud emails a day. I started using my “IPhone Block this Number (or email) “ setting. Now I get maybe 2 a day. That I can deal with. I wish there was a stronger option or program out there to do the work, though. It does get a tad boring to maintain. With all the knowledge available to Google, you would think they could come up with a stronger, more sophisticated solution. I find their lack of interest odd, though. Makes you wonder if they are profiting from this somehow.

Posted by:

15 Jul 2022

I almost never use my cellphone so goodness knows what is landing on it. I do get spam on my Bell Canada landline that I just hang up on. What I don't understand is why these people call the same number over and over again, always getting the same result, a hangup.

Posted by:

15 Jul 2022

I get spam calls about an auto warranty. I talk to a representative and ask which car is out of warranty. They can never answer that question. Funny thing is I don't drive.

Posted by:

16 Jul 2022

I believe I got my first smishing scam a few hours ago--Pretending to be Amazon. The URL looked totally bogus and I immediately logged into my Amazon account on my desktop computer and discovered that there was NO suspicious activity. I wish there was a way I could reply by sending some sort of signal that would totally fry the circuits of whatever equipment these jackasses use to send their scams.

Posted by:

16 Jul 2022

PayPal is another one that we sometimes get.

Posted by:

16 Jul 2022

At times, I see text messages from accounts, which I do not even have. Definitely, this is an indicator that this is a faker and cyber-miscreant. Since I use ATT as my cell phone service provider, as I delete the message, an option appears "Delete Junk". I select that, and the message is gone. What ATT does with that "report", I don't know. At least I put my 2 cents into that. What is important is that I do NOT respond. I just delete, "report", and have a little laugh. I will not let the scum of the Earth ruin my day!

Posted by:

16 Jul 2022

Here in Australia, a new government mandated code will fine cell companies up to $250,000 if they don't block scam messages, and share relevant information with authorities. Telstra - the major Australian cell provider - has blocked 185 million texts in just three months! You can see how big the problem is - but hopefully, this action will reduce it.

Posted by:

16 Jul 2022

Yep, my latest is a "couldn't leave a message as your inbox is out of credit" - on a landline.
I would like to know why the authorities (wherever you may be) are not more active in tracking down and jailing these criminals. No need to prosecute, just publish their identity and let the vigilantes who've lost money get to work.

Posted by:

16 Jul 2022

It's not only in the USA; I get them regularly in the UK. Simple check - hover over the link, and see where it leads - I can pretty well guarantee that it will lead to an obvious scam address; it won't have the domain name of the company the request is supposed to come from.

Posted by:

16 Jul 2022

Thank you, Bob, for this very informative article. I have received several claiming that I have 'won' something. DELETE!!! Unfortunately I did have an unauthorized purchase on my credit card and rec'd texts from my bank about it. Checked at the bank website and this one was fact. Bank handled and deleted my account and sent new card with new number. Scary? Yes!

Posted by:

06 Apr 2023

Thanks for the explanations, they are very helpful because of the language used, so I know how to explain to others. OH btw I have my phone on DND (do not disturb) and allow only texts and calls in my list. All others will come in but won't alert me and I can check them at my leisure. It's perfect, I don't get all those rings saying I "won a trip" (yeah right!) like everyone else at work. :)

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy     RSS/XML

Article information: AskBobRankin -- [ALERT] Smishing Scams On The Rise (Posted: 15 Jul 2022)
Source: https://askbobrankin.com/alert_smishing_scams_on_the_rise.html
Copyright © 2005 - Bob Rankin - All Rights Reserved