You’ve heard of phishing. Now, it happens on your mobile phone’s SMS text messages. It’s called smishing: scam messages sent by text that prompt you to reveal personal information and include links to download malware on your phone.
While people have come to expect spam emails and phishing attacks and scam phone calls – on landlines and now via mobile phone, but at this point the legitimacy of text messages are still on a learning curve. One difference is the immediacy of how people respond to text messages, and con artists prey on urgency.
Like spam emails and scam calls, smishes can originate from unknown phone numbers or using the name of a business rather than the visible number digits. Some real businesses do use a shortcode number to send legitimate text messages, which is a small number of digits accompanied by a brief message. Yes, this looks like a smish. Yes, scammers are overjoyed about that.
One red flag that a text message is actually a smishing attempt is the use of words like “Reply Now!” “Win/Winner!” or “Urgent!” Not all smishing messages have this hallmark, but all carry a sense of urgency, and the demand for you to divulge personal information or download an app from a link in the text. For example, say you get a text looking like it comes from your bank prompting you to download their new app and providing a link to download it. You click the link and it takes you to a convincing copycat of your bank’s website. Checking the actual full URL of the site is more difficult on a mobile device because of limited screen space. You are prompted to hit the button to download your “bank’s” new app.
Here is where another red flag raises: if the download link doesn’t show a Google Play or Apple App Store Label, it’s a trap. Clicking that button will download malware onto your phone.
Learning to protect yourself from smishing attempts should be intuitive and quick on the uptake because we have already run the gauntlet of phishing scams and scam calls for decades now. If a text contains any of the red flag words of urgency, it’s probably a scam. If you don’t know the number or company, don’t click on links within the text. If the number or company origin looks legitimate, do an online search on it just in case before following any links the text provides. Install antivirus software on your phone – it is a computer, after all.