Protect Yourself from Smishing Attacks
In a world where apps can almost run our lives for us, the humble SMS text message has outlived them all – and it’s still going strong. Unfortunately, though, texting has come under attack as one of the most vulnerable mediums for identity theft and more.
Here’s what you need to know about an SMS-based scam called “smishing.”
How it works
Smishing scams are similar to email phishing scams in which scammers target victims by sending an email that appears to be from their bank or credit union, internet service provider, or one of their favorite businesses. Smishing scams use text messages instead of emails, but their goal is the same as phishing scams’: to establish contact with the victim and access their personal information.
The scam begins with a supposedly urgent text appearing to be from the victim’s financial institution of choice. Sometimes, it’s from a bank or credit union with whom they have never done business!
The text claims the victim’s checking account is locked and that the victim must take immediate action to restore it. Alternatively, the text may alert the victim about a large, unauthorized purchase that was charged to their account. The scammer warns that, if the charge is not contested immediately, the victim will be responsible for the transaction. There are more variations, but they will always convey a sense of urgency to induce panic and trigger immediate and mindless obedience.
The victim is then instructed to call a specified number and, upon doing so, will be asked to share personal financial information. Once they’ve got their hands on this info, the scammer is free to steal the victim’s identity, empty their accounts or go on a shopping spree on the victim’s dime.
Who are the victims?
Smishing scams primarily target people who use mobile banking apps and sites. Victims who use their phones to manage their accounts don’t question when their financial institution appears to contact them by text message and, unfortunately, these smishing scams are often successful.
It isn’t just online banking users who need to be wary of smishing. Fraudsters have widened their net and have recently started sending messages to any cell phone number they can get their hands on.
If you own a checking account and a cell phone, you are vulnerable to a potential smishing scam.
Recognizing smishing scams
If you know what to look for, you’ll be able to spot a smishing scam at first glance.
First of all, KCCU will not use a text message to alert you of a lockdown on your account; we prefer to use more personable contact methods to help ensure your privacy and personal security.
Our Fraud department may send a text to verify recent purchases, but we NEVER include a link, and the last four digits of the card used for the purchase in question will always be included. If you are unsure whether a fraud alert is legitimate, pick up the phone and call us directly, using the number on the back of your card.
You can also spot the smishing scam just by looking at the phone number. The text will often appear to come from a number that is obviously fake. Alternatively, it can appear to have come from one of your contacts who is kindly letting you know about the trouble with your account. In such cases, ask your friend (directly, not in response to the message) if they actually sent it. If they have no idea what you’re talking about, someone is using their number to lure you into a scam.
If you’ve been targeted
If you receive a suspicious-looking text that might be a smishing scam, do not engage the texter! Jot down the scammer’s number and delete the message. Let us know about the smishing attempt and tell all your friends. You can also alert the FTC at ftc.gov so they can help catch those crooks.
If you’ve fallen for such a scam and your accounts have been compromised, alert your credit card companies and be sure to let us know as well. We’ll help you mitigate the damage and regain control of your finances.
You can’t insulate your phone against these scams, but there are some proactive steps you can take to protect yourself, your device and your money.
Always use two-factor authentication
Most credit unions require a two-factor sign-in, but if you have the choice of opting out of this extra step, don’t take it! It’s not worth the added risk.
Strengthen your passwords
Never reuse a password across different accounts, websites and apps. Make sure your passwords are strong and unique. Consider using a password manager like Dashlane or 1Password.
Don’t click that link
Never click links in a text message from an unknown sender, or from anyone you are unsure is who they say they are!
Ignore text messages from unknown numbers, even if they’re not alerting you about a problem with your accounts. A text from an unknown source may be the scammer’s first attempt at establishing contact and determining if you’re a willing target for a future scam.
Make sure you are always on the alert for smishing scams. Don’t let those crooks get their hands on your money!