Beware of Smishing Scams!

In the last month, I’ve been hit with four smishing scams. These scams are perpetrated via text message rather than email but they’re just as threatening as conventional phishing scams. Here’s how to spot them, and what you can do to protect yourself from becoming the next victim.

The four scams that hit my cell phone came in a variety of disguises. One was supposedly from Netflix informing me that my account had been locked; another was from Amazon telling me my account was closed; the third was from USPS telling me that unless I clicked on a link and provided an address, a shipment would be returned; the last was from a bank telling me there was suspicious activity on my credit card.

Thankfully, I don’t have a Netflix account, I didn’t recognize the bank, I had just placed an order on Amazon so I knew my account was fine, and I was not expecting any shipment through USPS, so I knew not to click on any of those links. But what if the next smishing scam is more clever and tricks me into clicking the link?

This could easily happen, especially to the unwary. At present, less than 35 percent of the population knows what a smishing scam is all about. Sadly, this explains why there has been such a dramatic increase in the number of these scams – 87 billion texts were sent in 2021.  As a result, the Federal Communications Commission (FCC) reported that between 2015 and 2022, the number of robotext complaints skyrocketed from 3,300 to 18,900 per year and cost American $10 billion in 2021 alone.

So what are these scams all about?

According to Consumer Reports, “The word smishing combines SMS, the primary technical format for text messaging, and phishing. As in other phishing attacks, the criminals masquerade as government workers, tech support representatives, long-lost friends, or financial institutions, and try to lure people into divulging personal details that could lead to fraudulent credit card purchases or identity theft.”

They almost always pose as trustworthy entities in order to entice the victim to click on a malicious link. For example, while writing this article, I received a smishing text from a sender identifying itself as Truist Bank which read: “Please call our 24/7 Support at [phone number] #MSG-ID-91927. Debit card is currently locked! MSG for named [my cell phone number].”

I don’t have an account with Truist Bank and this smishing text was promptly reported to my provider.

The most common entities used in smishing texts are Amazon, Netflix, Apple, Pay Pal, USPS, and government agencies such as the IRS.

According to the FTC, typical content in these messages may include notices that: https://consumer.ftc.gov/articles/how-recognize-and-report-spam-text-messages

• There has been some suspicious activity on your account
• There a problem with your payment information
• Contain a fake invoice and tell you to contact them if you didn’t authorize the purchase
• Are sending you a package delivery notification

“…[T]hey might tell you to click on a link to learn more about the issue. Some links might take you to a spoofed website that looks real but isn’t. If you log in, the scammers then might steal your username and password,” the FTC warns.

Some of the most alarming are those that impersonate government institutions like the IRS and lure people to click on the link by offering fake COVID relief or tax credits, or help setting up an IRS online account.

“In the latest campaign the IRS has seen, the scam texts ask taxpayers to click a link which leads them to phishing websites. Typically these websites are set up to collect the visitor’s information, but potentially could also send malicious code to their phones,” the IRS reports.
“This is phishing on an industrial scale so thousands of people can be at risk of receiving these scam messages,” said IRS Commissioner Chuck Rettig. “In recent months, the IRS has reported multiple large-scale smishing campaigns that have delivered thousands – and even hundreds of thousands – of IRS-themed messages in hours or a few days, far exceeding previous levels of activity.”

The best way to safeguard yourself from an IRS smishing scam is to remember that the agency NEVER sends emails or text messages asking for any kind of personal or financial information or account numbers. You will ALWAYS be contacted in writing – not by phone, text, or email.

USPS is another favorite lure by scammers and it often works if a person happens to be tracking a package. However, as the post office confirms, they do offer free tools to track specific packages, but customers are required to register online, or initiate a text message, and provide a tracking number.

“USPS will not send customers text messages or e-mails without a customer first requesting the service with a tracking number, and it will NOT contain a link. So, if you did not initiate the tracking request for a specific package directly from USPS and it contains a link: don’t click the link!”

As for retailers such as Amazon, scammers are trickier. They may send you a text message saying that your payment for an expensive item – that you did not purchase – went through and if you have any questions, to call a specific number. When you call, you’re directed to a call center run by scammers who read you a list of other phony big-ticket items you supposedly bought, then say your account has been compromised and they can fix it but need access to your computer.

These scams are getting even more sophisticated. A new tactic used by con-artists is to  capture about three seconds of your voice either from a social media posting or by calling them on the phone. The scammers then use AI technology to create a message that impersonates you to a loved one who is told you’re in trouble and need money. The caller sounds exactly like you.

“You get a call. There’s a panicked voice on the line. It’s your grandson. He says he’s in deep trouble — he wrecked the car and landed in jail. But you can help by sending money. You take a deep breath and think. You’ve heard about grandparent scams. But darn, it sounds just like him,” FTC consumer education specialist Alvaro Puig wrote on the agency’s site.

The FTC warns people to always contact the person directly to make sure they actually placed the call.

Other popular scams claim you’ve won a prize, can help to pay off student debt, or offer you a low or no interest credit card.

Consumer Reports offers many common sense ways to avoid becoming a victim of scamming. For example, never reply or click on any links in an unwanted text. If you receive one from a company you do business with, always check with the company first to confirm the text. Use blocking features available from most providers. Beware of any messages that claim to be from government agencies.

Most importantly, always forward a copy of the suspicious text to your provider at 7726 which automatically reports the caller to a common database used by cell phone providers to track and stop these calls.

Clilck here for a more complete list of safety tips.

© All Rights Reserved, Living His Life Abundantly®/Women of Grace®  http://www.womenofgrace.com

 

Comments are closed.