Most people these days are savvy enough to spot an email scam, which is why criminals have switched to SMS texts. Smishing (phishing by SMS) is on the rise, but here’s how you can avoid falling prey to it.
Table of Contents
- What Is a Text Message Scam?
- Is the Message Relevant to You?
- Don’t Tap Links in Suspicious Messages
- Don’t Fall for a Convincing Website
- Pay Attention to the Grammar
- Don’t Trust a Personalized Message
- Suspect It’s Real? Contact the Company Directly
What Is a Text Message Scam?
The tactics of a text message scam are much the same as those used in a normal email phishing scam. “Phishing” is when someone poses as a representative of a reputable business or organization to acquire personal information, including your credit card data, bank account information, or social security number.
It generally starts with an email that sounds real. Within the body of the email, there’s a link to an “official” website that’s meant to fool you into handing over your login credentials, personal data, or money. The website is frequently indistinguishable from the genuine company’s, including the branding.
“Smishing” (a portmanteau of SMS and phishing) works almost identically. The fraudster sends a text message with a link to potential victims. Normally, the message urges you to verify your account credentials, make a payment, or claim a reward.
Crafting a phishing email that doesn’t instantly arouse suspicion takes some skill. The fraudster has to pay attention to branding and tone and make sure the email is error-free. He also has to hope a spam filter doesn’t catch the email.
Because SMS is such a simple means of communication, fake texts are a lot harder to spot. Text messages are brief, which leaves little room for noticeable spelling or grammatical mistakes. Also, URL shorteners are widespread in text messages due to the 160-character limit.
This opportunity hasn’t gone unnoticed by fraudsters, since sending text messages through a web interface is inexpensive and straightforward. While there is evidence of mobile carriers implementing spam screening measures similar to those of email providers, many smishing attempts slip through the net.
There are lots of other frauds spread by SMS, as well. Social engineering, in which a fraudster approaches you personally and seeks to earn your confidence, is also a concern. This sort of fraudster typically uses phone calls and emails in addition to SMS messages to look more credible.
Here are six things to bear in mind the next time you receive an unwanted text message that asks you to open a link.
Is the Message Relevant to You?
Scammers will do anything to persuade you to tap their link. For example, they may suggest you’ve won something. But did you enter any type of competition? You might be told that you have a parcel to pick up, but are you expecting anything?
A text message hoax containing a link that suggests the receiver has won a “mystery package.”
Sometimes, it’s a gift card for a place where you don’t shop. Other times it’s a last notice for a bill you’ve never received before. I’ve gotten mails about “prizes” from airlines I’ve never travelled with—and how frequently do airlines give away prizes, anyway?
Always remember the golden rule: If something appears too good to be true, it generally is.
Don’t Tap Links in Suspicious Messages
Oftentimes, text message scams contain a link, and, generally, the URL doesn’t match the company name. However, even if it does, you have no way of knowing if it’s safe or not. Some of these scams are meant to spread malware, and, occasionally, all it takes is a tap (or click) on a link.
A text message fraud with a random link
To be safe, avoid tapping links in unsolicited SMS messages. In August 2019, iPhone owners were susceptible to malware merely by visiting a URL in Safari, owing to a zero-day vulnerability. While this was the first (and, as of this writing, only) exploit of its sort, it’s a warning that you should never trust a random link.
If you do happen to tap a link, you may be redirected (sometimes several times) to a different page. If the address bar in your browser jumps from one page to another in quick succession, that’s a solid clue you’re being targeted by a scam.
Don’t Fall for a Convincing Website
Suppose you accidentally tap a link without giving it much thought, and you see a highly official-looking website. Some fraudsters are proficient at building websites that seem identical to those of the organizations they’re trying to impersonate. Don’t fall for it!
A glance at the address bar should confirm any suspicions. Take a look at the sample below from the Australia Post fraud. The URL in the highlighted address bar doesn’t match that of the official Australia Post website, which suggests it’s a hoax. However, some scammers go to great lengths to make their URLs appear plausible, too.
It’s shockingly easy to generate a carbon copy of a website just by copying the page and uploading it elsewhere. Sometimes, the whole website functions as it normally would, including the “About Us” links and other unrelated content.
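The address-bar check described above can be automated. The following is an added example, not part of the original article: it goes beyond a plain mismatch and also flags hostnames that only look like the official one. The function name and the allow-list are assumptions; auspost.com.au is used as the official Australia Post domain.

```python
from urllib.parse import urlsplit

# Assumption: domains the defender has confirmed as official for the brand.
OFFICIAL_DOMAINS = {"auspost.com.au"}


def classify_link(url, official=OFFICIAL_DOMAINS):
    """Classify a link from a text message as official, lookalike,
    suspicious or unrelated, based only on its hostname."""
    try:
        # Links in texts often omit the scheme; "//" makes urlsplit see a host.
        parts = urlsplit(url if "://" in url else "//" + url)
    except ValueError:
        return "suspicious", "unparseable URL"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "suspicious", "no hostname"
    # Anything before "@" is login info, not the site being visited.
    if parts.username is not None:
        return "suspicious", f"real host is {host}"
    # Official only if the host IS the domain or a true subdomain of it.
    if any(host == d or host.endswith("." + d) for d in official):
        return "official", host
    # Non-ASCII or punycode labels can render like a familiar name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "lookalike", "internationalised hostname"
    # The brand name appears, but the host is not under the official domain.
    brands = {d.split(".")[0] for d in official}
    if any(b in host for b in brands):
        return "lookalike", f"brand name inside unrelated host {host}"
    return "unrelated", host


if __name__ == "__main__":
    # Constructed sample links (example.net / example.org are reserved names).
    for link in [
        "https://auspost.com.au/track",
        "https://auspost.com.au.parcel-fee.example.net/pay",
        "https://auspost.com.au@example.net/pay",
        "auspost-com-au.example.net/redelivery",
        "http://example.org/a1b2",
    ]:
        print(f"{classify_link(link)[0]:<10} {link}")
```

An "official" verdict only means the link points at the real site; it says nothing about whether the message itself is genuine.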
Pay Attention to the Grammar
A large number of smishing attempts originate in countries where English is not the official (or first) language. As a result, many fraudsters make spelling or grammar mistakes that should be fairly easy for a native speaker to spot.
This may be as simple as a misplaced word, poor capitalization, or a sentence that just feels “off.” Check out the double-space issue in the message below. You’ll also notice erroneous capitalization, missing punctuation, and a URL that was incorrectly inserted mid-sentence.
A text message scam for a “Gift Card” winner with several language problems.
Of course, not all fraudsters are from non-English-speaking nations. Many have a great grasp of the language and understand how to make the bait appear real.
Anecdotally, though, the great majority of smishing efforts I’ve received have featured clear grammatical or spelling issues.
Don’t Trust a Personalized Message
In several of the cases in this essay, the fraudsters managed to get my name right. This level of customization might convince people to assume the communication is real. You could receive a similar message trying to mimic your bank, ISP, or cell carrier.
A text message fraud utilizing the author’s first name
Unfortunately, chances are high that some of your personal information has been exposed online. Data breaches are prevalent, and they allow scammers to piece together information that makes them look more authentic.
For example, they could know your address, which smartphone you use, or your social network accounts.
Suspect It’s Real? Contact the Company Directly
One of the most prevalent smishing attempts of late is the postage scam. The message appears to be from a postal agency alerting you that you have to pay additional shipping fees on a parcel or verify your address. To create a feeling of urgency, the landing page suggests the package will be returned to the sender if you don’t pay.
My spouse received the smishing attempt below last week. Despite the official-looking tracking number and a carbon copy of the Australia Post website, mail handlers don’t seek to collect late shipment expenses through text message. They also won’t ship your box back within a few days of receiving it. Because of these irregularities, the hoax was discovered.
An “Overdue Postage” SMS messaging scam
A brief search brought me to a link on the AusPost website outlining the hoax. We also recently discovered the FedEx package delivery fraud. If you receive a similar SMS, check the web for “USPS (or the applicable delivery service) text message scam.”
Social engineering attempts may be a lot tougher to spot—particularly if you already assume the person you’re talking to is who they claim they are. One easy method to recognize such a fraud is if the other party is asking for cash or donations in gift cards, like they did recently in Louisville, Ky.
It’s worth noting that firms will never email, text, or contact you and ask for money. If you feel an overdue bill or postal cost isn’t authentic, contact the firm directly before you hand over any information. If someone is seeking money, make sure you contribute to the charity directly, via its official website, at a point of sale, or a collection box rather than by text.