Blog

Security CU Blog

A pone with a text message shown on the screen sent by a scammer.

Smishing – Text Message Scams

Scams sent to your phone via text message, also known as Smishing, are getting more sophisticated every day. Here at SCU, we care about helping protect your personal information, accounts and financial well-being. To help, here are some common text scams and how to report unwanted SPAM texts.

Top 10 Text Message Scams to Avoid

  • Missed delivery notification scam texts from UPS, USPS, FEDEX.
  • “Is this you?”
  • Text scams claiming that your bank is closing your account.
  • Texts claiming that you’ve won a prize or sweepstakes.
  • Texts claiming that your debit or credit card has been locked.
  • Text messages supposedly from the IRS or other government agencies.
  • Text messages from your own phone number.
  • Texts claiming that your payment for subscription services didn’t go through (Netflix, HBO, etc.).
  • Texts about purchases you didn’t make (fake fraud alerts).
  • Two-factor authentication scam text messages.

But what do these mean? Keep reading for more information on the scams listed above…

Warning of a disruption of service– Urgency is the underlying message and the fraudsters want you to act fast. The texts will appear to come from the USPS (or other delivery service) regarding a package, financial institution for fraud, Amazon, or PayPal. The text will typically have a link in the message that they want you to use which is either wanting you to provide personal information to a phishing website or will result in keylogging software (software that can capture the keys you press on your keyboard) being downloaded to your device. Some text examples include, “Your package was not delivered”, “Your account was compromised or is locked”, or “Your power will be shut off at 5pm”. The best course of action for these types of texts, is to pause and go directly to the source to see if there is an issue. For example, check your Amazon account or financial institution’s online banking program for any suspicious activity. The best way to stop smishing attempts is to ignore them. Once you engage, the scammers know that phone number is valid and they can sell it to other scammers which will only resort in more texts to your phone.

Wrong number or “accidental” texts– Texts may be, “Hey, can I make an appointment for my dog at your salon?” or “Jill, the meeting has been changed to tomorrow at 8am.  Don’t be late!”  Being a good Samaritan, you want to let that person know that they’ve sent a text to the wrong number, after all, you don’t want Jill to miss the meeting! But try to refrain from answering the text because it just let’s the fraudster know that your phone number is in use.

Scammers are looking for engagement. A text that simply says “Hi” is cause for concern.  The scammer waits for you to respond that it’s a wrong number. As long as you respond, they can start a conversation. The conversation will eventually lead to money because it always does.

What to do to protect yourself from Smishing aka Text Scams and report the Scam

  • Never click on links in unsolicited text messages.  Scammers use links to infect your phone with malware or send you to fake websites that steal your information. Never click on a link in a text message unless you are ABSOLUTELY SURE who sent it.
  • When in doubt, contact the company, agency, or individual through your own resources.  Fraudster can impersonate everyone from your bank to your boss. If you get a text message that you think you need to act on, contact the person or organization directly first to make sure it’s legitimate.
  • Don’t be rushed.
  • Never provide your personal or financial information in response to text messages from unknown senders. Verify the identity of the sender and take the time to ask yourself why the sender is asking for your information.
  • Use the same safety and security practices on your cell phone as you do on your computer.
  • Bottom Line: Don’t click any suspicious links!
  • Ignore and Delete

Report the Spam text message by copying the message and forward it to 7726 (SPAM). This helps your wireless provider identify and block similar messages. You can also report it to the FTC at reportfraud.ftc.gov.

Here are some examples of real Smishing attempts:

Example Smishing Attempt

How to tell if it’s a scam: 

  • You receive a fraud alert text from a credit or debit card company that you don’t use. 
  • You’re asked to confirm your identity by providing your full name, credit card number, and PIN.
  • The link in the text is different from that of your debit or credit card provider. 

Notify your financial institution or credit card company via the appropriate channels or call the number on the back of your card-not the one contained in the text.

Example Smishing Attempt

How to tell if it’s a scam text:

  • You aren’t expecting a delivery from this company. 
  • The text message comes from a long or unusual phone number. 
  • The link in the text is obscured or doesn’t come from an official USPS, UPS, or FedEx website. 

Example Smishing Attempt

How to tell if it’s a scam text:

  • You received a text claiming to be from someone you know, but the sender uses strange language or asks things you wouldn’t expect of them. 
  • The sender requests you to send payment through unconventional means such as cryptocurrencies, Venmo, Cash App or gift cards. 

Example Smishing Attempt

How to tell if it’s a scam text:

  • The text claims to be from a bank but uses an unofficial number.
  • The sender requests personal information via text or phone call. 
  • The text is from a bank or financial institution that you don’t use (or haven’t used in years).

Example Smishing Attempt

How to tell if it’s a scam:

  • You received a text about winning a competition or lottery you never entered. 
  • The sender wants you to click on a link, pay a fee, or text an unknown number. 
  • The sender wants you to “confirm your identity” by sending them your personally identifiable information.

When you receive a text message that looks “weird”, always pause to figure out your best course of action. When in doubt, visit the retailer’s or financial institution’s website directly and never engage with a fraudster over text messages.