Does it seem like you aren’t getting as many robocalls these days?
OK, maybe they haven’t slowed down that much; let’s just say they’ve leveled off. But you’re likely getting bombarded with more spam texts than ever before. A lot more. After an exponential increase in 2022, spam texts continue to go out to Americans in droves—and are becoming more sophisticated and increasingly challenging to identify.
And when unsolicited texts go from harmless advertising to seeking sensitive information, that’s when texting becomes “smishing.” (The term derives from SMS (short message service) + “phishing”).
What is the goal of smishing?
Similar to phishing attacks over the phone or by email, scammers send a text designed to trick the recipient into:
- Revealing personal information (like an account number, PIN, or login credentials).
- Downloading malicious programs from an attachment.
- Clicking a link that can activate malware.
Scammers choose smishing over other types of phishing attacks mainly because the click-through rate is much higher from texts than from emails. They can also hide the origins of these texts by spoofing phone numbers. Not to mention, it's more difficult to spot dangerous links on a phone; on a computer, for instance, you can hover over a link to see where it goes.
“Not only can clicking on links download viruses or other malicious software onto your device, but it’s also possible for the scammers to capture the information you input and use it to access your accounts,” said Stephanie Ziegler, SELCO’s Financial Investigations Manager.
Note: SELCO will never send a link in a text without speaking with you first. In addition, we will never text, call, or email asking for sensitive information, such as your PIN, card information, or login credentials.
At first glance, these texts can appear legitimate, like they’re coming from your financial institution, utility company, or delivery services like UPS or Fed Ex. They may even address you by name. But they’re also often riddled with grammatical errors, which is a big red flag. And the more urgent the message sounds—the faster the message is trying to get you to take impulsive action—the bigger that red flag gets.
Here are a few examples of common smishing texts.
Can smishing be stopped?
As was the case with their predecessor robocalls, smishing can’t be stopped completely. But you can certainly slow them down by taking preventive measures:
- Treat unsolicited texts with an extra dose of healthy skepticism. The old adage, “If it sounds too good to be true, it probably is,” absolutely rings true when it comes to spam texts. Question everything. “If you receive an unexpected text asking you to take action, even if it’s from a company name you recognize, go to their website or call in to verify they were attempting to contact you,” Ziegler said.
- Do not interact. Our natural instinct may be to quickly scan a text, respond, then carry on with our day. But if it looks like a junk message, it most likely is. Most importantly, never click a link or attachment in a text message you weren’t expecting. This could trigger malware that infects your phone.
- Block, report, repeat. Beyond the spam blocker that likely comes with your phone, there are lots of free apps that can help fortify your firewall. There’s always the tried-and-true National Do Not Call Registry, as well. Block the number, report it, then delete the text.
Smishing may be a funny-sounding term, but it’s no joke. By putting up a shield early, you can stop (or at least slow) the constant flow of these potentially dangerous messages.