what is smishingAs technology advances, so do the criminals using it to try and target innocent people to steal their information and money. We have written about all kinds of techniques used by scammers, with one of the most frequently highlighted being phishing. In case you aren’t in the know, phishing is the use of email to trick or lure unsuspecting victims into clicking a dangerous link or giving over sensitive information which will help the sender commit identity theft or some other form of fraud.

Phishing schemes are commonplace, with the IRS placing it at the top of its “dirty dozen” list of scams for 2017, and by this point many people know what to look for when it comes to suspicious emails. But email isn’t the only method fraudsters use to try and steal your information — over the past decade, something called smishing — SMS or text message-based phishing — has been on the rise thanks to the growing cell phone usage around the world. Learn more about smishing, common forms this scam can take and how to protect yourself.

Smishing is growing in frequency

Thought to have first emerged in 2006, smishing was not as valuable to scammers at first due to the cost associated with sending text messages. However, as the cost of texting has decreased while the number of people who own mobile phones has increased, this has changed. While many people have become accustomed to filtering through email inboxes that are full of spam, promotional emails and other clutter, most people do not regularly receive unknown or unwanted text messages. This gives smishers an advantage, because people are less likely to view text messages with the same suspicions they reserve for emails. At the same time, we’re giving out our mobile numbers left and right, which increases the chances that they’ll eventually wind up on a scammer’s list.

What types of smishing messages are common?

Although they can take any form, in general, there are several types of smishing messages to be on the lookout for. These include:

  • Business: This type of text or SMS will impersonate a business such as your bank or mobile service provider and try to convince you to respond to the message with information or ask you to click a link to log into your account or provide requested information. It may indicate that there is a problem with your account and implore immediate action.
  • Friendly: These take a different approach, using a conversational or even flirtatious tone to try and trick you into thinking you’re receiving a message from someone you know or a friendly stranger. These may be attempts at social engineering for future scams, or they could include malicious links with text as simple as, “Check out these photos of us!”
  • You’re a Winner: One of the tried and true staples in many scammers’ repertoires, the fake contest or prize drawing scam has migrated to the mobile sphere. If you receive a text or SMS claiming you have won a prize or enticing you to click a link or send information to be entered to win something, chances are you’re being smished.

How can you protect yourself?

The good news when it comes to smishing is that the messages themselves are not dangerous, so long as you remember not to click any links contained within or engage with the scammer. Your best bet is to simply not respond — in fact, responding can backfire, as it tells the scammer that they’ve reached a working number. You could wind up in the cross-hairs of even more smishing scams (or phone scams). Remember: no legitimate business will require you to respond or act immediately. When in doubt, contact the business directly using a phone number found on its website or a piece of mail, rather than using contact information provided to you via text. If you do receive a suspicious text message, keep it on hand (or take a screenshot) and report it to any applicable entity — your local police, financial institution or the FTC’s Online Complaint Assistant.

It is also important to protect yourself from winding up on the receiving end of scams by safeguarding your cell phone number as best you can. Don’t publish it on social media or elsewhere online, and avoid giving it out unless absolutely necessary. That can be a tough thing to avoid in today’s world, where many apps and businesses require a valid mobile phone number from users and patrons. Using a free service like Google Voice to create a secondary phone number is one potential solution to keep smishers out of your mobile inbox. Whenever possible, make sure to read the terms of service before giving out your phone number so you can know whether they might sell or use your information — and if so, how.

What if I fell for a smishing scam?

First, don’t panic. Scams are designed to prey upon people’s weaknesses, and lots of people fall for them. If your personal information was compromised, you can follow our instructions for reporting identity theft to begin the process of protecting your good name. If your financial information was involved, it’s important to contact the financial institution immediately, as well as the authorities. The sooner you report fraud, the easier it will be to undo any damage done. Fortunately, you aren’t alone, and there are plenty of resources to help people deal with the aftermath of scams.

Learn more about these resources as well as how to protect yourself from scams of all kinds by following our blog.