Smishing: What You Need To Know About Text Scams

Phishing can come from more than just an email, but the M.O. is the same. Cybercriminals want to trick you into opening a malware-laden attachment or clicking on a malicious link so they can collect your personal and/or business information.

In fact, phishing via text or SMS messages is called SMiShing. Smishing is a growing threat, as texting is one of the most common uses of smartphones. Also, we have all been aware of scam emails for quite some time, but fraudulent text messages haven’t been as common in the past. When people are on their phones, they are less wary, and many assume that their smartphones are more secure than computers. This isn’t necessarily true: smartphone security has limitations and cannot directly protect you against smishing.

Did you know that 93% of cyber breaches are due to human error? It is easy to click a link without even realizing who or where it’s from. We live fast-paced lives and if we aren’t extra careful, we can easily fall victim to clicking on a malicious link. 

Here is an example of an SMS text smishing scam:

In this example, the scammer is aware that Netflix recently increased its subscription prices, so the timing of the text is relevant. The text also tries to panic the targeted person into clicking the link by saying that their payment has failed and their account might be suspended. Scare tactics can be very successful for scammers. Also notice in this smishing text that the URL has Netflix in its name, but the rest of the link looks suspicious. We know that the legitimate URL for Netflix is Netflix.com, so there is no reason that Netflix would send you a link from a URL such as the one in the image above.

If you are worried that your Netflix payment failed, we suggest you exit out of the text and open your Netflix app or go directly to Netflix.com to check your account and payment information directly. This is a much safer way to check your account than clicking on the link that the text message provided.  

Other Forms Of Smishing  

Other forms of text scams are the ones claiming you have a missing package, that you won a prize or giveaway, or that you have a family emergency (e.g. “Your grandson is in jail. He needs bail money right away”). Most smishing messages include a link to click, which is just a trick to get your personal information or to get you to send money or payment information. For more information on the many types of smishing scams, check out this blog on How To Identify a Text Scam.

How To Spot A Smishy Number:

Keep in mind that when you receive a text message from a legitimate business, it will most likely be sent from either:

  • A 6-digit shortcode (72044)  
  • A text-enabled, 10-digit toll-free number  
  • or a business landline. 

If you receive a text from an 11-digit number, it is most likely a scam!  

How To Spot A Smishy URL 

Another thing to check is the URL.  

The first thing to do is to look at the link (don’t click, just look). If it has any misspellings, if it is extra-long, or if it has any funny-looking text, don’t click it. In the smishing example above, “.lpages.co” is a dead giveaway that the link is a scam.

Next, you should check to see if the URL is secure. A secure URL will have https:// in front of it. If the provided link doesn’t have https or http in front of it (like the link in the example above), copy and paste the URL into your browser bar and check for the secure “lock” icon next to it.
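The checks above can also be applied without opening the link. The following is an added example, not code from this article: a small Python function that looks at a link copied from a text and reports a missing https:// prefix, an extra-long link, odd-looking characters in the host name, and a brand name used on a host that is not the brand's real domain. The sample link, the brand table and the length threshold are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumption: brand name -> the domain that brand really uses
# (the article names Netflix.com as the legitimate Netflix address).
BRAND_DOMAINS = {"netflix": "netflix.com"}
MAX_LENGTH = 75  # hypothetical cut-off for an "extra-long" link

# Constructed sample, shaped like the article's example: brand name in the
# link, no https://, host ending in the ".lpages.co" suffix the article names.
SAMPLE = "netflix-account-placeholder.lpages.co/billing"


def check_link(text_url):
    """Return a list of warnings for a link copied (not clicked) from a text."""
    warnings = []
    # Links in texts often omit the scheme; prefix "//" so the host is parsed.
    has_scheme = "://" in text_url
    parts = urlsplit(text_url if has_scheme else "//" + text_url)
    host = (parts.hostname or "").lower().rstrip(".")

    if parts.scheme != "https":
        warnings.append("no https:// prefix")
    if len(text_url) > MAX_LENGTH:
        warnings.append("unusually long link")
    # Look-alike letters show up as non-ASCII or punycode ("xn--") labels.
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        warnings.append("non-ASCII or punycode host name")

    for brand, real in BRAND_DOMAINS.items():
        mentions_brand = brand in text_url.lower()
        # Only the real domain or one of its subdomains counts as a match.
        on_real_domain = host == real or host.endswith("." + real)
        if mentions_brand and not on_real_domain:
            warnings.append(f"mentions {brand} but host is {host}, not {real}")
    return warnings


if __name__ == "__main__":
    for link in (SAMPLE, "https://www.netflix.com/youraccount"):
        print(link, "->", check_link(link) or "no warnings")
```

A link that produces no warnings has only passed these surface checks; opening the app or typing the company's address yourself remains the safer route.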

There are also many link checkers online that will analyze suspicious links for free. The link checker will tell you if the link is going to direct you to malware or ransomware.  
Here are some popular link checkers: 

  • Norton SafeWeb 
  • Google Transparency Report 
  • URLVoid 

To read more about these link checkers read the HubSpot blog written by Clifford Chi.  

What Do I Do If I Clicked On A Link?

If you click on a malicious link, you need to change the passwords on any important or sensitive apps right away and make sure your new password is strong and secure (view our Strong Password Guide for more information). It’s very important to change the password on apps such as online banking, social media, or any other place with personal information stored. If you entered any payment information or sent the scammer money, get in touch with your bank or credit card company as soon as possible and let them know about the issue.  

Report A Smishing Message

You can report spam text messages directly to your cell phone provider. Some messaging apps have a “mark as spam” button so you can easily report the scam text.  

If you have AT&T, you can forward the text to 7726 (SPAM); AT&T will not charge you for this service. If you have Verizon, you can email phishing@verizon.com. You can also report them to https://reportfraud.ftc.gov/#/

Questions? 

Please contact us today if you have any questions, concerns, or if you are interested in a Cyber Security Vulnerability Assessment.