Smishing Scams: What Are They?

Unethically creative identity thieves have a new trick up their sleeves, and financial institutions nationwide have reported a recent surge of this scam targeting their customers.

“Smishing,” an SMS-based phishing scam, uses technology to send text messages to a victim’s cellphone impersonating their financial institution, internet service provider, or another company they trust.

How Smishing Scams Work

In many of these cases, the scam begins with urgent text messages claiming to be from the individual’s financial institution. There are several variations to the message in the text, but they all convey a sense of urgency to induce panic and trigger immediate and mindless obedience.

1. Your attention is needed on your account.

2. Your account is locked. You must take immediate action to restore it.

3. A large, unauthorized purchase that was charged to your account. You will be responsible for the transaction if the charge is not contested immediately.

4. Attention. Fraudulent activity has been detected on your account. Act Now.

Oftentimes, the scammer will incorporate some personal details about the victim, which they easily pull off the internet, to convince them of their legitimacy. The victim is then instructed to email or calls a specified number and, upon doing so, will be asked to share personal financial information. Once they’ve got their hands on this info, the scammer can steal the victim’s identity, empty their accounts or sell your information to other scammers.

Alternatively, the scammer may lead a victim to click on links that are embedded with spyware. The links lead to a website that may look just like the financial institution’s site but is actually bogus. In such instances, the victim is probably certain they’re browsing their credit union’s website and won’t hesitate to share information or input usernames and passwords.

Who Are The Targets?

Unfortunately, smishing scams are often successful because people are conditioned to respond to text messages and mistakenly assume the content of text messages is secure. These scams primarily target is anyone who uses mobile banking apps and sites.

It isn’t just online banking users who must be wary of smishing. Information thieves have widened their net and have recently started sending messages to any cellphone number they can get their hands on. If you own a checking account and a cellphone, you can be targeted by a smishing scam.

Was My Account Hacked?

How scammers acquired your number and know your banking relationship is a scary thought that leads many to assume, their financial institution was hacked. Fortunately, this is rarely the case.

More than likely, your phone number has been compromised, and your information has been illegally sold. Hackers can access your personal data through your day-to-day activities like using public USB charging ports or wi-fi networks, clicking compromised emails, installing malicious apps, and engaging with online contests, promotions, service subscriptions, or other unsecured websites.

If there has been a compromise on the WeStreet security, we will notify you immediately of the steps necessary if needed.

Recognizing Smishing Scams

If you know what to look for, you’ll be able to spot a smishing scam at first glance.

First of all, your financial institution will never ask for sensitive information through unsecured channels like text messaging. You can set up text alerts from Online & Mobile Baking at WeStreet, but these alerts will never ask you to input private or personal information via text or any other method.

If you are unsure about a text you have received, contact your financial institution using a phone number you know is real (do not trust the information provided by the suspicious text message) and verify that the message is real with someone at your credit union or bank.

Legitimate text messages are usually sent from a six-digit short code or a 10-digit commercial long code and follows the SMS compliance rules laid out by the Cellular Telecommunications Industry Association (CTIA) and the Federal Communications Commission’s (FCC) Telephone Consumer Protection Act (TCPA). 

Targeted By Smishing Scams

The best way to stop scammers in their tracks is to report every attempt they make. You may receive a suspicious-looking text that might be a smishing scam, do not engage with the sender or click on any links. Jot down the scammer’s number and take a screenshot of the message.

There are four ways to report a smishing scam:

First, report it to the WeStreet Fraud Center. We will secure accounts and information and make the necessary changes.

Then, contact your carrier directly or copy the message and forward it by texting the shortcode 7726. You’ll then receive an automated message from your wireless carrier asking you then to enter the phone number from which the spam text was sent.

Next, filter your text messages from unknown senders and report spam or junk to your messaging provider.

Finally, report it to the Federal Trade Commission.

Protecting Yourself and Your Phone

There are proactive steps you can take to protect yourself, your device, and your money. You may not be able to protect your phone from receiving scams, once your information has been compromised.

1. Always use two-factor authentication. You may have the choice of opting out of this extra step, but then it isn’t worth the risk.
2. Strengthen your passwords. Never double your password use across different accounts, websites and apps. Make sure your passwords are strong and unique.
3. Don’t respond. Ignore text messages from unknown numbers, even if they’re not alerting you about a problem with your accounts. A text from an unknown source may be the scammer’s first attempt at establishing contact and determining if you’re a willing target for a future scam.
4. Be careful when asked for your telephone number. Giving your phone number in response to contests or online promotions can lead to unwanted calls and messages.
5. Never respond to unsolicited text messages. It only lets the sender know they’ve reached a working number and may lead to more messages in the future.
6.  Do your research before subscribing to services online or installing apps. Read reviews, access permissions, terms, and conditions.