You’ve probably gotten one already: a text from a strange number (maybe even your own) advertising CBD gummies, confirming a package delivery, or letting you know a bill has been paid, complete with a seemingly unsuspecting link. These texts are scams called “smishing,” and apparently they are on the rise.
Agents of chaos that are sending these texts are “smishing,” which is a portmanteau of SMS and phishing, and they are trying to get a hold of your personal information and your money. First, smishers will send you a text typically masquerading as a reputable company. Common smishing attempts specifically involve parcel carriers like UPS, FedEx, or Amazon informing someone that their package has been delivered, reports the New York Times citing Teltech. Reader’s Digest also states that other tactics involve fake texts from your bank, or friendly texts using a common name. The messages almost always have a link to an unsuspecting malware download.
There has been some anecdotal evidence popping up recently to indicate an uptick in smishing attempts across the country. If there was any reason to switch to AT&T, the Verge reports that Verizon users are specifically being hit hard by smishing. The Verge also cited a Verizon spokesperson who said that the company is aware of the issue and is working with law enforcement to crack down.
CNET reported data from the cyber security firm Proofpoint that smishing attempts increased 24% in the U.S. alone and 69% globally last year. In a blog post, ProofPoint stated that they tracked a 328% increase in smishing attempts in the third quarter of 2020 as the move to work from home pushed more people onto their phones. Banking messages were by far the most commonly used tactic.
According to data from the Federal Trade Commission, 21% of fraud reports that were filed in 2021 involved smishing–that’s 377,840 out of the total 1,813,832 reports that identify a contact method. Of those hundreds of thousands of claims, a total $131 million was lost, with an average of $900 per report. Ouch.
It’s apparently getting so bad that the FBI’s Internet Crime Complaint Center posted a PSA last week on how scammers are obtaining information by sending messages posing as bank fraud alerts. They suggest:
- Being skeptical of unsolicited requests for information sent by text and phone call
- Contacting the bank or company associated with the text request
- Relying on multi-factor authentication for extra security