What is Smishing or SMS Phishing?

Smishers accomplish this by sending fraudulent text messages to mobile phones while posing as legitimate corporations (such as delivery services, utility companies, financial institutions, or government agencies) or trusted connections. They fool victims into revealing personal data or business-related information, such as names, dates, credit card numbers, financial information, social security numbers, login information, and passwords, by taking advantage of their confidence. Then they either exploit the data to steal identities, siphon money from bank accounts or reroute payments into their own pockets. They may also sell the data on the black market.

One of the key factors in their decision to use smishing is that SMS click-through rates are higher than email’s, at roughly 20% as opposed to 3-5%. An SMS has a higher chance of being read and responded to than an email, which has a response rate of 6% on average. Scammers can also disguise the source of smishing messages by utilizing techniques like spoofing or text-to-email software.

Fake security alerts

Examples of common smishing scams.

Here are some types of smishing attacks that scammers may use to deceive and defraud you under the guise of someone you trust:

Fake security alerts

Picture this: You get a notification that your account has been compromised, and you need to re-verify your information and change your password.

It’s important to question the legitimacy of such claims. These fake security alerts are a classic smishing tactic precisely because they grab your attention. Scammers aim to deceive you into sharing your existing login credentials. If you do end up sharing your login credentials, the scammer can now change your real password, and you won’t be able to get into your account.

Prize, Lottery or contest scams

Everyone likes to win, so scammers prey on that desire by sending out texts that look like they’re from companies you trust, announcing that you’ve won a gift card or some other contest. All you have to do is fill out a form to verify your information, and the prize will be yours.

Except there’s no prize. And once you fill out that form, the scammer has your information.

Shipping scams

“Your package couldn’t be delivered, and we need to re-verify your address.” This is a common shipping scam message. Most major carriers get impersonated by smishers regularly. Watch out for shipping scams pretending to be from UPS, FedEx, and major e-commerce retailers like Amazon.

Fake invoice scams

Related to the shipping scams are invoice scams. You’ll get an invoice that appears to be from a trusted source like PayPal or a reputable shipping company, claiming you owe them money.

But the invoice is fake, and if you pay it, not only do they get your money, but they also have your credit card numbers and other data to extract more from your accounts. Afterward, they may sell your information on the dark web as well.

Verification code requests

Unfortunately, scammers have found a way to exploit multi-factor authentication. In this scam, you’ll get a text saying you need to enter a verification code to confirm that some event has happened. It could be a money transfer, a purchase, a password change, or some other event that needs verification.

But the reality is that no genuine event happened in the first place. And once you unwittingly confirm this request, the scammers have whatever information you just gave them, potentially granting them access to your accounts and personal data.

Tax scams

This is a rather urgent and unsettling tactic from fraudsters who impersonate tax authorities. They might send messages saying that you owe money on your taxes and that there will be dire consequences if you don’t settle your debts soon. However, it’s important to recognize that government agencies typically don’t operate like this, and if you do owe money, they’re not going to send you a text message. When you genuinely owe taxes, the government’s approach will be more formal, like a written letter in the mail or other methods of communication.

On the flip side, another tax-related scheme might say that you have an unclaimed tax refund. Instead of fear, you’re motivated by the allure of a sudden cash windfall to respond.

In both cases, it’s crucial to discern that these communications aren’t from government agencies, and if you respond, you risk placing your personal information into the hands of fraudsters with malicious intent.

Fake financial alerts

Financial alert scams might aim to inform you about recent or impending events related to your bank or credit card accounts via SMS.

These alerts often reference different scenarios, like money transfers from or to your accounts, changes to your account, new benefits, or special offers that are only available for a limited time, and that you need to take some immediate action. Make sure to stay vigilant and verify the authenticity of such messages to safeguard your financial security.

Textes claiming to be from someone you know

The “trusted friend” scam is a particularly difficult one to spot if you’re not paying attention. If a friend or work colleague’s
information has been compromised, the scammer may be able to send you a message that is from their phone number.

They may tell you about a family emergency they need help with, a contest they just won, or some other message. If it doesn’t sound like something your friend or colleague would send, it’s probably because they didn’t.

You’ll learn how to deal with suspicious texts like this in the next section.

Sensitive information requests

This encompasses any other suspicious message via SMS. If you’re contacted via text message and are asked for sensitive data or asked to click on a link, but the explanation for why just doesn’t seem right, it’s probably a scam.

The bottom line is that very few legitimate companies will ever request sensitive information via text message. Reputable companies are aware of the significant fraud risks associated with this and, as a result, refrain from doing it.