What is SMiShing?
SmiShing or SMS phishing is about sending false, fake text messages, claiming the mobile user that they have won a free product or need to enter information or correct an account mistake. Within the fake text message, there is a fake URL link that would lure the individual into clicking the link or a fake phone number. After the user has clicked the link, that is when the hacking starts. The phone number may be to a hacker waiting to steal your info to use at an ATM.
They may request:
- Credit card information
- Account passwords
- Account information
- Other valuable information
Recognize a SMiShing Attempt
There are several indicators of an email or text message scam, including:
- Generic greetings.
- Instead of using your name, many message scams begin with a general greeting, such as: "Dear [Company Name] customer."
- Incorrect account information.
- The message will attempt to scare you with a large account balance, a warning that someone has recently updated your account or a prize or special offer that must be claimed quickly.
- A false sense of urgency.
- The message will attempt to compel you to act by threatening that your account is in jeopardy if you don't update your information as soon as possible, or with a short deadline to claim a prize or special offer.
- Fake links.
- Links may appear valid but typically go to fraudulent websites. Always check where a link is going before you click. On a computer, you can do this by hovering your mouse over the link (without clicking it) and looking at the website address in your browser's status bar, which is usually in a bottom corner of the screen. If it appears suspicious, don't click the link. Alternatively, go directly to the company website from your browser, not through any links sent in messages.
What to Do? Tips to Prevent Becoming a Victim
1. Avoid clicking on any UNKNOWN messages with links. Furthermore, think about who sent you the message. Is it a person that you know?
2. Do not reply to text messages that have asked you about any of your personal finances.
3. If you have received any messages in regard to your business assets or the partnerships that you have with them and/or the bank that is associated with them, call the business or businesses to see if it is a legitimate request before responding.
4. Be on the lookout for messages that contain the number "5000" or any number that is not a phone number. This is a strategy where scammers have masked their identity so their location and identity are not traceable.
5. If the text messages (along with the unknown number) urges for a quick reply then that is a clear sign of SmiShing! Don’t Respond!
6. Do extensive research before replying to any message. There are plenty websites that allow anyone to run a search based on a phone number and see any relatable information about whether or not a number is legit.
7. Never call back a phone number that was associated with the text that concerns you.
8. If the message states "Dear user, congratulations, you have won...." It is a clear sign for SmiShing.
9. Check the time when the unknown message was sent. If the text message was sent at an unusual time, then that is another sign of SmiShing.
10. Make sure to be aware and informed of your bank apps policy. It is important to acknowledge there is a policy that protects your money along with other personal information that is associated with the bank account.
11. Send the fraudulent message to the bank and wireless carrier.
12. Delete the fraudulent message.