Data Security

How to Avoid Sophisticated Smishing Scams

What is a smishing scam?

“Smishing” is a scam that uses text messaging to entice victims to share their personal information. The goal, of course, is to steal. They may steal your money or even your identity—but only if you play along with the scammer.

How smishing works

In many instances, a smishing attempt will appear as a text message made to appear as if it is coming from your financial institution with a message designed to elicit a response, such as:

  • “Your contact information has been changed. If this was not you, please click the link below.”
    -or-
  • “A charge for $457.65 has been made on your card. If you did not authorize this, please call the number, or use the link below.”

If the link is clicked, it typically will ask for your personal information, date of birth, Social Security Number (SSN), debit/credit card numbers, account numbers, online banking username and password, etc. If the number is dialed, they will try to gain much of the same information, and they may even ask for you to send money to them. They might even claim to be sending you a code to your phone. In reality, this is the code being sent from your financial institution when someone new logs into your online banking. If you provide them with your username, password and the code number sent to your phone, they can take over your accounts and set up fraudulent payments. They may also take over your identity.

In either scenario, the scammer fabricates a transaction to frighten you into action. Once you act, their goal is to continue to appear trustworthy as they claim to be from your financial institution. Your best defense against these scams is to be vigilant and carefully consider the details before acting.

How can I avoid these scams?

The key to staying safe from these scams is by looking for red flags, which are often suspicious attributes in the text. Keep in mind your financial institution already has your personally identifiable information, including card numbers, account numbers, and online banking information—so there is no need for them to ask this from you via text.

Further, a close review of the links inside the text messages will usually reveal them to be random or spoofed websites that resemble a financial institution with only a minor misspelling. The phone number that sent the message may not even look like a real number. Either way, it is always safest to avoid clicking on any links or replying to the message. Instead, check your accounts on your financial institution’s mobile app or contact them directly to ensure that everything is in order.

What should I do if I suspect I may have fallen victim to a scam?

If you feel you have become a victim of fraud and provided sensitive information, contact your financial institution immediately. If you are being threatened by the scammer, contact your local law enforcement as well. Remember, the banking system is secured to prevent fraud, but it requires each and every one of us to avoid providing the scammers with the keys.