One of the biggest scams to be wary of comes from your phone.
“Smishing” – a term that combines “SMS” and “phishing” – involves criminals attempting to obtain your personal and banking information via unsolicited text messages on mobile devices. They do this by pretending to be government agencies, companies you may have done business with, or a package delivery service. They say something to get your urgent attention, such as a text message about a free gift that you’ll have to pay a small “shipping fee” to receive, or they send an alert about suspicious activity on your account.
“We see it a lot with people approaching banks and saying, ‘This is Chase Bank, your account is frozen due to a security breach. “Click here to verify your information,’” said Amy Nofziger, director of Fraud Victim Assistance with AARP.
The Federal Trade Commission reports that Americans lost $330 million to smishing scams in 2022, with an average loss of $1,000.
Such text message scams can fool us more easily because our phones train us to pay attention to them. “We have our devices with us 24/7. And when we hear that little “thing!” we automatically look at it. “We don’t do that as often with our emails anymore,” said Nofziger.
In package smishing scams, the suspicious message may seem innocuous and read: “USPS: Because your package address does not have a street number, we cannot arrange home delivery for you. Please update online,” the FTC said as an example. However, once you click, you will be asked to pay a “reshipment fee” to trick you into giving up your credit card information.
“We order packages more often, especially around the holidays and this time of year. “So it may not be unusual to receive an email from a shipping company saying there is a delay,” Nofziger said. That’s why she advises consumers to get into the habit of writing down what you ordered, where you ordered it and which company delivered the package.
When in doubt, call the source instead of relying on a text message. “If you believe there is a problem with your shipping, package, item or bank account, simply call the company at the number you provided. And just check like that,” Nofziger said.
“It’s better to contact the company through the original website or phone number than to provide account information and login and password information through a fake link,” said Stephanie Benoit-Kurtz, senior faculty in cybersecurity at the U of U’s College of Business and Information Technology Phoenix.
How to recognize a “smishing” message
A “smishing” message can look like any other text message, but there are a few tell-tale signs that tell you something is wrong. Here’s what you should keep in mind:
See how many people also received your SMS.
If your text message about a free gift or suspicious activity was also sent to multiple people, be suspicious. “This is an immediate red flag and you should definitely delete it and block the number immediately,” Nofziger said.
Be wary of unsolicited messages asking for your information.
A regular prompt tells you information you signed up to receive, whereas a spam message is more likely to ask for it, Nofziger said. “If they then ask you to leave that platform or ask you for personal information, that should be your No. 1 red flag. “Nothing is as important as your personal and financial information,” she said.
Be suspicious of any action you need to take immediately.
Bad actors want you to have no time to think. So take a breath and really think about what is being asked of you. “The sense of urgency is ‘right now’ and they’re looking for you to deposit a check, purchase gift cards and provide information or log into an account through this link,” Benoit-Kurtz said.
What you can do to block “smishing” messages
If you spot a “smishing” message, don’t just leave it in your messages folder. Take these steps to prevent future problems:
Block or filter unwanted messages.
You can filter messages from unknown senders on Apple phones by going to Settings and then Messages. Scroll down until you see “Filter Unknown Senders” and select it.
On Android phones, go to Settings and then Blocked Numbers. Enable the Unknown option to prevent private or unidentified numbers from contacting you.
Nofziger said that filtering out these messages is “a great tool that you can use to give yourself a little red flag… ‘Well, this person isn’t in my contact list because they weren’t in my regular folder.’ So let me pause for a moment, calm down and pay attention to what this message is about.’”
Report smishing.
USPS recommends attaching a screenshot of the text message with the sender’s phone number and shipping date and sending it to [email protected].
For unwanted messages on iPhones that aren’t in your contacts, tap the Report Junk option that appears, then tap Delete and Report Junk. On Android phones, click the person you want to block, then click More options. From there, select “Block and report spam.”
In general, you can forward the suspicious message to 7726 (SPAM). This way, your cell phone provider can learn to block similar spam messages for you. You can also report it to the FTC at reportfraud.ftc.gov.
What if I have already been “spoken”?
If you’ve fallen for the “smishing” scam, don’t panic. There are still ways to limit losses.
If you click on a link that you think is suspicious, you should immediately check your computer for malware, Nofziger said. And ignore any follow-up texts the person may send you, even if they seem friendly.
“Stop communicating because at some point you will be asked to go to a link or help you with your device,” Nofziger said.
And if there are fraudulent transactions or security breaches, be sure to call your bank so they can investigate.
“If you believe you are a victim of fraud, be sure to report it to the financial institution or organization immediately. You can also contact the Attorney General’s Office to report the problem,” Benoit-Kurtz said.
This post originally appeared on HuffPost.
Originally posted 2023-12-17 07:36:32.