SMiShing is short for “SMS phishing” and is an attack against a cellular phone or other mobile device. Victims are typically tricked into downloading a Trojan horse, virus or other malicious file onto the phone.
To understand SMiShing, you must first know that SMS is short for “Short Message Service,” but you likely know this simply as text messaging.
How do SMiShing scams work?
SMiShing scams aren’t all too different from phishing scams, but they rely on your smartphone or electronic tablet to work.
Scammers may send you a text message that appears to be from a bank, utility company, government agency or other service asking you to take a particular action. They often work better than phishing scams because many victims are quick to believe what they receive on their phones. If the threat had been present in an email, they may have been skeptical to open.
SMiShing may send a victim to a particular website or ask them to call a phone number. Once the website has been visited, it could infect your phone or tablet with malicious programs. Likewise, if you dial the number sent to your phone, you may be urged to provide personal information such as your credit card number, account number, birth date, address, or other details.
Once you’ve provided that information, criminals can either use it to steal your identity and make unauthorized charges from your bank account, or they could sell your information to others who intend to do harm. Either way, it leaves you susceptible to fraud and could hurt your credit score.
How can I avoid SMiShing scams?
- First of all, treat your phone and tablet just as you would your computer. Be suspicious of text messages from unknown senders, even if they appear to be from legitimate companies or services. And keep your electronic devices updated with the latest security features.
- Remember that most government agencies and legitimate banks or other companies will never ask you to provide sensitive details, like a password or credit card number, through a text message. Don’t click on links that are sent in text messages, especially if you don’t know the sender.
- Think twice before providing your cell phone number to any website that asks for it, and don’t call any number given to you in a text message. Instead, if you have concerns about a message you received, contact your bank or other agency to verify the details of the message using a number found on your statement or another legitimate source.
- Never respond to SMiShing messages. Doing so only verifies to scammers that your number is real and could result in your receiving more and more scam attempts.
Should I report SMiShing attempts?
If you receive a suspicious text message that appears to be from a particular bank, company or government agency, contact that entity and tell them about the scam. This could help the agency warn others about the threat and possibly even track down the source.
You can also file a complaint with the Federal Communications Commission and the Federal Trade Commission’s Consumer Response Center by logging onto their websites (www.fcc.gov and www.consumer.ftc.gov).