Don’t Answer that Text!

So, you’re in the middle of your day and you get a text message from your bank asking you to take a quick action to protect your account. You’re very concerned and want to do what they advise. Should you respond?

Or maybe you realize, “Wait, that’s not my bank.” And you wonder, “Why are they reaching out to me? Should I follow up and find out what’s going on? Or let them know they’ve got the wrong number?”

Short answer: no. Slightly longer answer: it’s a scam.

According to the FCC, this is called “smishing.” You may have already heard of phishing – or email scams – but now scammers can also target consumers with deceptive text messages sent to their smart devices. It’s called smishing: a mashup of SMS – for short message service – and phishing.

Unfortunately, smishing is becoming ever popular as smartphone uses increases. Recent estimates say that about 2.5 billion people in the world have smartphones, so that’s a pretty sizeable target group for scammers. Plus, it just takes a few confused users within that 2.5 billion to make it worth a scammer’s while.

The FCC says that a typical smishing scam message may seem like it’s from your financial institution and include a link or phone number to bait you into clicking or calling. If you do, you stand a good chance of being hooked. And that’s when the scammers get to work, manipulating your personal information, which they can sell and/or use in other scams. Smishers may also try to entice you into downloading malware to your device.

Things you can do to avoid being a victim of a smishing attempt include:

• Never click links, reply to text messages or call numbers you don’t recognize.
• Do not respond, even if the message requests that you “text STOP” to end messages.
• Delete all suspicious texts.
• Make sure your smart device OS and security apps are updated to the latest version.
• Consider installing anti-malware software on your device for added security.
• Validate any suspicious texts. If you get a text purportedly from a company or government agency, check your bill for contact information or search the company or agency’s official website. Call or email them separately to confirm whether you received a legitimate text. A simple web search can thwart a scammer.

Watch for Spoofed Calls Too

Be aware too that your Caller ID is a target too. Caller ID spoofing is a newer scam where you get a call that looks like it’s from a local number or familiar name, but the displayed info is part of the scam. For example, robocallers use “neighbor spoofing,” which displays a phone number similar to your own on your caller ID, because that increases the likelihood that you will answer the call.

Spoofing as a scam is often used to trick someone into giving away valuable personal information that can then be used in fraudulent activity or sold illegally. But do note, there’s also a legitimate use, such as displaying a business’s toll-free number.

If you do answer a spoofed call, hang up immediately. Don’t respond to questions, especially ones that can be answered yes or no. And don’t give out personal information, such as account numbers, Social Security numbers, mother’s maiden name or other identifying information. If you get an inquiry from someone who says they represent a company or a government agency (like the IRS), hang up and call the number on your account statement, in the phone book or on the company’s or government agency’s website to verify the authenticity of the request.