SMiShing Scams: The New Danger

SMiShing Scams: The New Danger

by Leslie Freeland, March 9, 2019

Text Messaging Gone Bad.

Scams can come in several sneaky ways — hopefully you’re familiar with the phone call and email phishing scams. Now, the newest con is via text message (aka SMS), and this type of scam is known as SMiShing.

Hook, line and sinker. Definitions.

Phishing: Pronounced like the pastime fishing, phishing came into existence in the 1990s by way of the telephone and then spread like wildfire when email technology came along. Phishing earns its name from how the fraudster uses bait to catch an unsuspecting victim. Phishing involves a fraudulent attempt to get your sensitive information which usually includes credit card details, bank account numbers, usernames or passwords.

SMiShing: Now, thieves have turned their attention to text messages using SMiShing scams. So the next time you get a text asking for personal details, inviting you to call a phone number or asking you to click on a link, be very suspicious.

What They Look Like

The examples below are just SOME spam texts you might receive. There are many more variations than what is shown here.

The “Problem”

You get a text that appears to be from your bank, your cell service provider, the local authorities, etc. telling you there’s been a problem.

  • “Your card has been deactivated. Please call to reactivate your card.”
  • “We need to verify your password to make sure you are the actual owner of this account.”
  • “Your taxes are overdue. Click here or call this number to avoid a late fee or jail time.”
  • “You have been fined, and a warrant for your arrest has been issued. Click here to resolve.”
  • “Your account is expiring. Click here to continue service.”

Example Provided by AICPA*

The “Prize”

You get a text telling you that you have won a prize or you can enter in a contest. If it sounds too good to be true, it probably is.

  • “Call now to claim your prize.”
  • “Click this link now to win a trip for two!”
  • “Congratulations, you won! Just go here to claim your prize. Make sure to enter the code provided in this text.”
  • “You can win a vacation of a lifetime! Just click on this link and fill out the form to enter the contest.”
  • “Log into your account to redeem your reward.”
  • “Great news! You have won a $100 gift card!”

Example Provided by 24HourSupport*

The “Free Trial Offer” & “You Have Been Selected”

A company texts you about a free trial offer or claims you have been selected for a job opportunity. Scammers know brand names will get a better response, so the text may even say something like:

  • “Call now for a free trial offer for a 24 Hour Fitness membership.”
  • “Click here to sign up for your free trial offer of Netflix.”
  • “You have been selected for a new work from home opportunity.”

Example Provided by snakeriverBBB*

The “Refund”

An organization or company tells you you have a refund coming your way. All you have to do is call a number and answer some questions or click on a link and fill out the form.

  • “You have unclaimed beneficiary money from a deceased relative. Click here to claim the money.”
  • “You are receiving a tax refund for the year 2018. Call this toll free number to activate the refund process.”
Example Provided by J. Lee on Pinterest

Example Provided by J. Lee on Pinterest*

 

The “Services Needed or Provided”

These texts are very convincing. They sound like a real person who needs a babysitter, dog walker, house cleaner, personal assistant and more. You will also see the opposite message – someone claiming to provide these same services.

Example Provided by Pet Sitters International*

Example Provided by Pet Sitters International*

 

Example Provided by The Daily Scam

Example Provided by The Daily Scam

“It’s Personal”

Don’t trust caller ID. You may even receive a text from what looks like a relative, a coworker, a friend, or a friend of a friend. This one can be tricky to spot, but there are usually signs.

  • “Hey, this is Joe. Your friend gave me your number and thought we should meet. If you want to hang out, just call me at _______.”
  • “Hey Heather! What’s up! I saw this sale online and thought of you. Just click on the link and fill out the form. You’ll get a free makeup kit!” (but you know Heather is never enthusiastic, and she hates makeup)
  • “Look at this special! I claimed two free concert tickets. You can too! Just click here and fill out the form.” The text you get looks like it was forwarded from a friend.
  • “Is this really a pic of you?” With what looks like a link for you to see the photo.
  • “I forgot our bank password and I’m out of the office. Can you please send it to me?”

 

Example Provided by Elite Personal Finance*

 

Example Provided by News Corp Australia*

 

Example Provided by Boing Boing

Example Provided by Boing Boing*

The “Purchaser”

Many times, when you list an item on Craigslist, you will start receiving messages from what appears to be a legitimate buyer – but they are not. You will quickly learn to identify scammers from real buyers. Legitimate buyers don’t ask you to email them or click on a link. They want to be texted back directly, and they won’t list the entire item name out. For example, in the first example below, the scammer lists the entire subject title of the ad, but it is more likely the buyer would just say “pottery.” This is especially true in the Collectibles and the Musical Instruments categories on Craigslist.

  • “I’m interested in your Made in Japan Bug Eyed Pottery Dog with puppy. Willing to pay $500.” Also, you have the item listed for only $50.
Example Provided by Sticky Things

Example Provided by Sticky Things

 

Other Misc Examples

“Lost Phone”

Example Provided by the Apple Support Community

Example Provided by the Apple Support Community

“View Your Bill”

Example Provided by Komando*

Example Provided by Komando*

“Server Upgrade”

Example Provided by M6iT Consulting*

Example Provided by M6iT Consulting*

“Free Money”

Example Provided by VCU Phishing Net

Example Provided by VCU Phishing Net*

“Delivery”

Example Provided by Aus Post

Example Provided by Aus Post

 

How They Work

You Respond

  • You call the number, respond to the text or click the link.

You Give Away Your Information

  • When you call the number or click on the link, you are then prompted to provide information. This may be your full name, address, additional phone numbers, PINs, passwords, credit card numbers and more.

A Virus Downloads

  • When you click on the link in the text, there is a chance you might be downloading harmful software to your phone. Often this software is designed to harvest contact information from your “Contacts,” your bank information, passwords that your phone has saved and more.
  • Sometimes this software might also download unwanted apps on your phone.
  • Or the scammer may have installed code on your phone that records every keystroke you make while you fill out forms. So if you enter a credit card number to make a purchase, that information is sent directly to the scammer.

You Get Robbed

  • Now that they have your information, your credit card is used to purchase items or your bank account is drained.
  • If you don’t have unlimited text messaging, you may be charged for each text.
  • Often, the “toll call number” is not free. You may actually end up being charged! In this case, the scammers will try to keep you on hold for as long as possible.

Your Identity is Stolen

  • If you fill out forms or answer questions on the phone that include your name, address or social security number, they may be able to steal your identity. They can then use your identity to open new credit cards, commit tax fraud, use your health insurance and more. Your credit score could go down. You might start receiving bills for items you never purchased. Debt collectors might start calling you. You might have health insurance or coverage issues because someone else is making claims in your name.

The Text Is Spread Far and Wide

  • Your contacts stored on your phone might be automatically spammed with the same text. You have unknowingly shared the text, and most likely some of your contacts will too.

How to Avoid Being SMiShed

Register on the Do Not Call Registry

  • This won’t stop them all, but by registering on the Do Not Call Registry, you should be able to reduce the amount of text spam.

Block “Text Messages as Email”

  • Block all text messages sent to you as email. There is often a setting on your phone to do this, or you can call your carrier to help you. You will find many tutorials online. Just di a search for your phone type/name and the phrase: Block Text Messages as Email.

Block Individual Numbers

  • When one particular number is texting you repeatedly, you can block it.

Be Picky

  • Be picky about who you give your phone number to. Avoid posting it on the internet. Places like membership directories, chat rooms, alumni directories and more open you up to spam.

Don’t Call or Text Back

  • Do not call any phone numbers or respond to the text in any way. Asking them to stop texting you is probably going to have the opposite effect. They now know a live person is actually at that number, so you may receive even more texts! The scammer might even sell your number at a high price because they can show the buyer the number is active. Just delete the text.
  • Do not even respond if the message requests that you “text STOP” to end the messages.

Don’t Click on Any Links

  • If you click on a link, you might unknowingly download a software to your phone or be sent to a website that attempts to get your personal or payment information (a typical phishing website). Again, delete the text.

Don’t Give Out Information

  • No legitimate company or organization is going to ask for personal identity or payment information by text.
  • Do not share your personal details or security information such as your PIN or password, address, or payment information like a credit card number. Don’t ever share this information over the phone, through email or by text message – especially text.
  • If a company that you have a current relationship with, such as your bank, appears to be contacting you through text, don’t respond to the text, and ignore the contact details in the text. Call the company directly from a legitimate number – a number you find on a bank statement, the back of your card or on the company’s main website.

Recognize Typical Warning Signs

  • The phone number may not look legitimate. Do a reverse look up of the phone number you are receiving the text from. If it’s from overseas, be suspicious. Also, if the number is well-known for fraud, there will be information about it on the internet.
  • Banks or credit card services will not ask for “confirmation details” over text (or email).
  • The “from” identification is actually an email address and not a phone number.
  • There may be spelling or punctuation errors.
  • They may address you as Sir or Madam instead of using your actual name.
  • They often make it sound like you have to take action immediately.
  • There may be excessive use of capitalization or punctuation.
  • There is a “code” you have to enter somewhere.
  • You are being instructed to email someone.

Be Aware of a Sense of Urgency

It is unlikely that any text you receive needs an immediate response. You might see these phrases.

  • “Your account is going to be closed unless you immediately contact us at this number.”
  • “Your student loans are going into default status unless you contact us immediately.”
  • “Contact us now so you don’t lose out on this special offer.”
  • “Act now to claim your prize.”
  • “Act fast or this offer will expire.”

Get Software Protection

  • There is a variety of software or apps that you can use on your phone to protect yourself. Do a search online or through the app store and see what’s available.

Check Your Monthly Cell Bill

  • Evey month, go through your bill to catch any unexpected charges.

Report

  • If you get a text message that looks like a SMiShing scam, report it to the company who supposedly sent you the text. They can then alert other users of the SMiShing scam.
  • Report the spam directly to your cell service provider.
  • Report all text scams to the FTC  or call 888-382-1222.
  • File a complaint with the FCC or call 888-225-5322.

Looking Towards the Future

As technology progresses, and we get new ways to communicate, we all need to keep a lookout for new ways we can be scammed.

New communication technology means new scams.

Multiplayer Online Games

  • In fact, may online, multiplayer games such as World of Warcraft, allow players to communicate with each other. Maybe scammers could insert themselves in that conversation and ask for sensitive information or invite you to visit a certain website or call a certain number.

Augmented Reality

  • Then there is augmented reality, such as the game Pokemon Go. This game took the world by storm and was an instant hit. What if a scammer had inserted fake Pokemon characters into your reality so when you went to that location, instead of collecting your character, you were led to a scam? We will most likely be seeing more and more augmented reality experiences, meaning more opportunities for scammers.

Video Conferencing and Webcams

  • Then there are webcams and video conferencing. Maybe that ‘person’ joining a conference is not who you think they are.

Alternative Communication

  • There is even talk of being able to communicate more subtly with your mind through technology. This may be many, many years away, but if this actually becomes a reality, you can bet scammers will try their best to infiltrate the technology and steal your money or your identity.

Keep on Alert and Delete Those Texts!

No matter what happens, the rule to keep in mind is: if you are dealing with communication technology of any sort (phone, email, text, etc.), there is probably a scammer using it.

NOTE: Asurea does not send text messages asking for personal or payment information.

 

 

READ MORE:

 

 

Just as we want to protect you against scams, Asurea is dedicated to protecting you, and your loved ones with insurance. Asurea offers Life Insurance, Mortgage Protection Life Insurance, Medicare Supplement Insurance, Final Expense Insurance, Disability Insurance, Retirement Planning products and more. For additional information, click on the ‘Get A Quote’ button below. Want to have articles just like this delivered to your inbox? Just enter your email address in the box below and click ‘Subscribe.’

All content provided in this article is for general, informational purposes only.

 

Leslie Freeland

Leslie Freeland

Marketing Communications Coordinator at Asurea
Leslie joined Asurea as the Marketing Communications Coordinator in February 2015. Since then, she has been working closely with insurance professionals to educate the public on the importance of life insurance and protect the public from common scams with informational articles.
Leslie Freeland

Latest posts by Leslie Freeland (see all)