[SCAM ALERT] Smishing is Getting Worse (what you need to know and do)

Category: Mobile, Security

Scammers and other cyber-criminals are endlessly adaptable, switching to new attack vectors as rapidly as users catch on to old ones. Most users have raised their guards against email phishing scams, but “smishing” - a mashup of SMS and phishing - is a growing threat due to the ubiquity of mobile phones. Read on for the scoop, and how to protect yourself from “smishing” attacks...

What is Smishing?

“Smishing” stands for “SMS phishing.” It’s a social-engineering technique that relies on text messages to dupe users into taking actions that reveal their sensitive personal information, or lure them to a rogue website that will trick them into handing over a credit card, or sneakily infect their phones with malware.

A smishing message includes the usual elements of a scam: the false appearance of a trusted sender; a message designed to grab your attention; and an urgent call to action that promises a reward or a solution to a problem. You’ll have much bigger, real problems if you perform the suggested action. Here's how a typical smishing scam goes down.

Ding! A text message arrives unexpectedly. The action requested may be a voice phone call to “account services” at your bank, Amazon, or another large company that most people know and trust. It may be a demand that you visit a website via a link provided in the message. Less often, it’s a request for a reply that leads to a text message dialogue with a scammer, or an automated bot that seems to be a person.


Whatever the action is, it leads to subtle requests for more and more information: Social Security Numbers, addresses, credit/debit card info, login credentials, etc. These are things that no legitimate company will ever ask you to provide or “verify” via text message, email, or over the phone.

Smishing has been around for many years, but recently there has been a surge of smishing attacks that has security experts sounding the alarm more loudly. The most recent Robokiller phone scam report notes that 78 billion robotexts were sent in the first half of 2023, an increase of 18% over the previous year. They estimate that consumers lose in excess of $25 billion annually due to robotexts. So it’s important to be extra cautious with SMS messages.

Scammers are moving away from roboCALLing to roboTEXTing, while refining their evil craft with more aggressive and effective pitches. The FCC adopted rules to address the problem of scam texting in March of 2023, requiring mobile service providers to block robotext messages that are "highly likely to be illegal", but it will be some time before the details are hashed out and implemented.

Why is Smishing a Growing Concern?

This is a good time to remind AskBob readers about the importance of Two-Factor Authentication, or 2FA for short. It sounds geeky, but it's actually a simple tool that can protect you even if a hacker steals all your passwords. See my article Protect Your Accounts with an Authenticator App for details on that. And while we're on the subject, see my Seven Point Tuneup For Hacker Defenses.

The response rate of email phishing has fallen considerably, as more users become aware of the telltale signs of phishing and refuse to take the bait. But many people still trust their phones, and are unaware of the techniques that scammers can use. Another factor is that people are often distracted and on the move when they receive a text, and may respond without thinking.

A smishing message might include a warning purportedly from your bank, informing you of an unauthorized purchase, or some other company telling you that your account was frozen due to fraudulent activity. Another common one is the "You just won a prize (or gift card)" message. These scams may encourage you to call a phone number. Don't -- instead call the company (with a phone number you know is correct) and report the message to their security department. Or just chuckle, and delete it.

Bogus text messages that appear to be from FedEx include a tracking number and a request to "set up delivery preferences" for a package that's en route. Of course there's a link to click, which takes the unsuspecting to a page that (drumroll, please...) informs them that they've won a fabulous prize! All you have to do is complete a survey, and pony up your credit card to cover the shipping fee. That's where things get worse.

Both FedEx and UPS do offer customers the option to sign up for text message alerts about packages they have sent or received. That's why this particular smishing scam has credibility at first glance. Recently I've gotten a couple of texts purporting to alert me to high-dollar purchases on Amazon, and advising me to click a link to confirm. It was easy enough to check my Amazon account to see that no such purchase was made.

The cost of sending smishing messages is virtually zero, allowing more bad actors to get into the smishing game with ever-higher volumes of bogus messages. Some bad guys run SMS servers that they rent out to other bad guys, making smishing attacks as easy as writing a bogus message and clicking on a few options. These scam-as-a-service operators even provide bogus websites that look very much like those of familiar banks and other trusted companies.

There are no apps that detect smishing messages effectively. Verizon, AT&T and other mobile providers have the big-data advantage of seeing this flood of robotexts at the network level. With a bit of AI magic, it should be reasonably easy to identify and block the majority of them. Until that happens, it’s incumbent upon you to know the telltale signs of a scam and just refuse to go along with it. Never call a phone number in a text that purports to be your bank’s. Never click on a shortened URL in a text message; you have no idea where it will lead. Keep your mental guard up at all times.
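As an added illustration (not from the original article or any product), this sketch checks a text message for the telltale signs described above: a shortened URL, a trusted company name paired with a link on some other domain, an urgent call to action, a number to call, and a request for sensitive information. The word lists, the brand-to-domain map, and the sample messages are constructed assumptions; rules like these help triage messages and are not a reliable detector.

```python
import re

# Illustrative lists (assumptions, not from the article); extend for real use.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
BRAND_DOMAINS = {"fedex": "fedex.com", "ups": "ups.com", "amazon": "amazon.com"}
URGENCY = re.compile(
    r"\b(urgent|immediately|frozen|suspended|unauthorized|won|prize|gift card|confirm|verify)\b",
    re.I)
SENSITIVE = re.compile(r"\b(social security|ssn|card number|password|login)\b", re.I)
# Hostname with or without a scheme; scam links often omit "https://".
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)")

def triage(text):
    """Return the smishing indicators found in one SMS body."""
    flags = []
    hosts = [m.group(1).lower() for m in URL_RE.finditer(text)]
    # A shortened URL hides where the link really leads.
    if any(h in SHORTENERS for h in hosts):
        flags.append("shortened_url")
    # A trusted name in the text, but a link that is not on that company's domain.
    for brand, domain in BRAND_DOMAINS.items():
        named = re.search(rf"\b{brand}\b", text, re.I)
        off_brand = [h for h in hosts if h != domain and not h.endswith("." + domain)]
        if named and off_brand:
            flags.append("brand_link_mismatch")
            break
    urgent = bool(URGENCY.search(text))
    if urgent:
        flags.append("urgent_call_to_action")
    # A phone number to call only counts when paired with pressure to act.
    if urgent and PHONE_RE.search(text):
        flags.append("callback_number")
    if SENSITIVE.search(text):
        flags.append("asks_sensitive_info")
    return flags

# Constructed sample messages modeled on the scams described in the article.
SAMPLES = [
    "FedEx: your package is en route. Set up delivery preferences: http://fedx-delivery.example/t",
    "Your account was frozen due to fraudulent activity. Call 800-555-0100 immediately.",
    "You won a gift card! Claim it here: bit.ly/abc123",
    "FedEx: your package arrives today. Track it at https://www.fedex.com/track",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage(sms) or ["no_indicators"], "<-", sms)
```

The last sample shows why the domain check matters: a message that names FedEx and links to fedex.com raises no flag, while the first one, which links elsewhere, does.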

If you're not sure who the sender of a text message is, my advice is to delete it and move on. Have you ever gotten a suspicious text message, or one that was just spam? Your thoughts on this topic are welcome. Post a comment or question below...

 

This article was posted by on 6 Oct 2023



Most recent comments on "[SCAM ALERT] Smishing is Getting Worse (what you need to know and do)"

Posted by:

John
06 Oct 2023

Recently I have had two scams after I visit Google to get contact number for companies such as Vodaphone and Gas company. Google gives me number supposedly from these companies but when I contact them I realise scam is in progress when they ask me to allow access to my phone. Why cant google ensure that only official company names are listed?


Posted by:

Chris
06 Oct 2023

An increasingly common ploy is scammers sending what looks to be a text to the wrong number. My most recent (yesterday) was "Hi there, have you ever been to Melbourne?". The hope is that the recipient kindly informs the scammer of the error and then the scammer will try to engage the recipient in conversation, eventually leading to whatever flavour of scam they are running.

The subreddit scambait has any number of examples.


Posted by:

Ernest N. Wilcox Jr. (Oldster)
06 Oct 2023

I treat text messages on my phone similarly to how I treat email messages, using similar rules. You should too. When I receive an email message from an unknown sender, I send it to the spam folder. When I receive a text message from an unknown source, I delete it without ever looking at it. For any email/text message that purports to come from someone/place I know, I attempt to confirm its legitimacy using another means of contact (a phone call/email/text message using a known good phone-number/address, etc.). The important thing is that I never use any link/QR Code contained within the message.

The bottom line here is that we should all adopt a Zero Trust paradigm, which involves a very healthy dose of skepticism, regarding anything that comes from the Internet or any external source to our computers or any of our digital devices.

My2Cents,

Ernie (Oldster)


Posted by:

Mike
06 Oct 2023

John's post (no insult intended) typifies the text in most scam communications: grammar, syntax, spelling and capitalization errors.


Posted by:

miger
06 Oct 2023

I agree with Mike above on commonly seen errors in scam messages, but you can't always depend on finding them. What is becoming a funny extreme is someone who won't even answer their doorbell or phone ring if they are not expecting someone or have the calling phone number in their contacts. I think that is paranoid in the extreme. Don't let the evil ones of the world destroy your whole outlook on life. One of my best friends was once an unknown neighbor who expectantly knocked on my door.


Posted by:

miger
06 Oct 2023

Sorry, I meant unexpectedly knocked on my door.


Posted by:

AJ
07 Oct 2023

Receive a lot of SPAM phone calls and suspicious messages.
With recent upgrades to Android OS, my phone now allows me to block an unlimited number of phone numbers. I used to use an app to do this.


Posted by:

Jonathan
23 Oct 2023

Just received several texts from Angi (List).

Firstly offering to recommend contractors for my (non-existent) project, then over the course of four more messages, moving on to "these contractors are ready to give you a bid ... click here" ... yea right, I am an Ask Bob fan, I know better!


Posted by:

John
23 Oct 2023

I recently received a text purportedly from the USPS advising me that my package "has arrived at the warehouse and cannot be delivered because it is incomplete Address information" and asking me to tap an obviously bogus link. I blocked the number. Then I got a similar text 2 more times and blocked each number. After the third time they gave up. It was annoying but solved the problem.


Posted by:

Erik S
19 Nov 2024

"WHAT IS MY NAME?"

Whenever I have doubts, this is
the question that I send back
(in capital or regular letters).
Not a single time so far
have I gotten an answer.

After a grandfather was tricked
into sending money to "his grandson"
whose phone had been lost
(hence the strange phone number
"his" stranded child relative
was sending the Help message from),
I wrote an article for Denmark's
Berlingske daily newspaper with
more tips against scammers…
https://www.berlingske.dk/kommentatorer/forfatter-giver-tips-videre-til-danskere-udsat-for-intetnetsvindlere



Copyright © 2005 - Bob Rankin - All Rights Reserved


Article information: AskBobRankin -- [SCAM ALERT] Smishing is Getting Worse (what you need to know and do) (Posted: 6 Oct 2023)
Source: https://askbobrankin.com/scam_alert_smishing_is_getting_worse_what_you_need_to_know_and_do.html