How do you communicate with your nearest and dearest when you’re on the go and can’t make a phone call? Do you send a VoiceNote? Use WhatsApp? Or, do you send an simple text message?
In a world where apps can almost run our lives for us, the humble SMS has outlived them all – and it’s still going strong. Unfortunately, though, texting has come under attack as one of the most vulnerable mediums for identity theft and more.
Here’s what you need to know about an SMS-based scam called “smishing.”
How it works
Smishing scams are similar to email phishing scams in which scammers target victims by sending an email that appears to be from their bank or credit union, internet service provider or one of their favorite businesses. Smishing scams use text messages instead of emails, but their goal is the same as phishing scams: to establish contact with the victim and access their personal information.
The scam begins with a supposedly urgent text appearing to be from the victim’s financial institution of choice. Sometimes, it’s from a bank or credit union with whom they have never done business!
The text claims the victim’s checking account is locked and that the victim must take immediate action to restore it. Alternatively, the text may alert the victim about a large, unauthorized purchase that was charged to their account. The scammer warns that, if the charge is not contested immediately, the victim will be responsible for the transaction. There are more variations, but they will always convey a sense of urgency to induce panic and trigger immediate and mindless obedience.
The victim is then instructed to call a specified number and, upon doing so, will be asked to share personal financial information. Once they’ve got their hands on this info, the scammer is free to steal the victim’s identity, empty their accounts or go on a shopping spree on the victim’s dime.
Who are the victims?
Smishing scams primarily target people who use mobile banking apps and sites. Victims who use their phones to manage their accounts don’t question when their financial institution appears to contact them by text message and, unfortunately, these smishing scams are often successful.
It isn’t just online banking users who need to be wary of smishing. Fraudsters have widened their net and have recently started sending messages to any cellphone number they can get their hands on.
If you own a checking account and a cellphone, you are vulnerable to a potential smishing scam.
Recognizing smishing scams
If you know what to look for, you’ll be able to spot a smishing scam at first glance.
The credit union’s credit and debit card fraud detection partner may text you if the network detects suspicious activity on your account. Destinations Credit Union’s card fraud detection department’s phone number is 1-800-889-5280. Do not respond to the text, simply call the Fraud detection department and give them the reference number.
Destinations Credit Union will not use a text message to alert you of a lockdown on your account; we prefer to use more personable contact methods to help ensure your privacy and personal security.
Also, the phone number the smishing text instructs you to call is not ours. We service our members from our own premises, and our number is 410-663-2500. If you’re told to contact us at a different line (other than the card fraud number above), it’s not us you’re calling!
You can also spot the smishing scam just by looking at the phone number. The text will often appear to come from a number that is obviously fake. Alternatively, it can appear to have come from one of your contacts who is kindly letting you know about the trouble with your account. In such cases, ask your friend (directly, not in response to the message) if they actually sent it. If they have no idea what you’re talking about, someone is using their number to lure you into a scam.
If you’ve been targeted
If you receive a suspicious-looking text that might be a smishing scam, do not engage the texter! Jot down the scammer’s number and delete the message. Let us know about the smishing attempt and tell all your friends. You can also alert the FTC at ftc.gov so they can help catch those criminals.
If you’ve fallen for such a scam and your accounts have been compromised, alert your credit card companies and be sure to let us know as well. We’ll help you mitigate the damage and regain control of your finances.
You can’t insulate your phone against these scams, but there are some proactive steps you can take to protect yourself, your device and your money.
- Always use two-factor authentication. Most credit unions require a two-factor sign-in, but if you have the choice of opting out of this extra step, don’t take it! It’s not worth the added risk.
- Strengthen your passwords. Never double your password use across different accounts, websites and apps. Make sure your passwords are strong and unique. Consider using a password manager like Dashlane or 1Password.
- Don’t respond. Ignore text messages from unknown numbers, even if they’re not alerting you about a problem with your accounts. A text from an unknown source may be the scammer’s first attempt at establishing contact and determining if you’re a willing target for a future scam.
Make sure you are always on the alert for smishing scams. Don’t let those crooks get their hands on your money!
Your Turn: Have you been targeted by a smishing scam? Tell us all about it in the comments!