Blog

By Jill K. Sanders, Esq.

When you’re awaiting a package, you may sign up for delivery updates. With some couriers, these updates can come via text message, also known as short message service (SMS). But have you ever received a text message asking you to confirm your delivery address, but you weren’t expecting a package? This may an instance of smishing, one of the latest scams used to steal your personal information.

What is Smishing?

With the rise of email over the last several decades, scammers would send email messages as a way to steal personal information. Now, those messages are coming via text message – and this is called smishing (a combination of “phishing” and “SMS”).

For example, the text message may seem like it is from your bank or credit card company. Or, it may seem like its from your utility or insurance company. Many times, it appears to be from a delivery service like USPS or FedEx. The text message will create a sense of urgency if you don’t act immediately. Usually, an internet link will be included in the message.

However, if you click that link, this may trigger the download of a virus or Trojan Horse software that will steal your information. In other cases, the link may take you to a website that looks so convincingly like a website you normally use that you enter your information. Now, the scammers have your personal information or log-in details.

How to Avoid Smishing Scams

If you want to avoid falling victim to smishing, the following tips may help.

1. Be wary of unsolicited messages that request personal information. In particular, take caution at messages that create a sense of urgency or a need to take immediate action. Remember that many companies will only send you text messages if you sign up for them.
2. Be on the look-out for phone numbers that don’t look like normal phone numbers. Also, scammers have ways of “spoofing” phone numbers, so even if you recognize the number, be cautious if the message is suspicious.
3. Don’t click on links in text messages. If you think the message is legitimate, go to the company’s website or call the company directly. For example, if your bank texts you that there’s been fraud on your account, call the bank using the number on the back of your ATM card or log-in to the site you normally use for online banking.
4. For your online accounts, use two-factor authentication. This means that you have not just a username and password – you also get an email or text message confirming that it is, in fact, you signing into your account. By doing this, you add an extra layer of security.
5. Use security software on your cell phone or mobile device.

If you receive a spam text message, don’t respond to it. If you do, this just confirms to the scammers that your number is a working number. So, what can you do? First, forward the text to 7726 (“SPAM”) or report it to the Federal Trade Commission (“FTC”). Then, block the number and delete the message.

References:

• Shweta and Kelly Main, “What Is Smishing? Definition, Examples & Protection,” com (Aug 1, 2023). Available at: https://www.forbes.com/advisor/business/what-is-smishing/ (last accessed Mar. 7, 2024).
• Bobby Welber, “Tricky New Scam Wants To Take Over Your Phone In New York State,” Hudson Valley Post (Mar. 7, 2024). Available at: https://hudsonvalleypost.com/tricky-new-scam-wants-to-take-over-your-phone-in-new-york-state/ (last accessed Mar. 7, 2024).
• Federal Communications Commission, Avoid the Temptation of Smishing Scams (Feb. 1, 2024). Available at: https://www.fcc.gov/avoid-temptation-smishing-scams (last accessed Mar. 7, 2024).

Image: Image by rawpixel.com