Cybercriminals have found a way to strip digital device users of their personal data, using a cyber fraud tool called "smishing." Smishing scams compromise the target's cell phone through texts or SMS messages, then swipe the target's personal data once the user clicks on the text link.
Smishing fraudsters count on victims to click on links in SMS texts, which digital consumers often don't scrutinize as closely as links in emails. Victims often mistakenly assume the content of text messages is private, from a trusted and secure source.
"Smishing professionals use text messages that lure you into clicking on links or providing personal information in response to a text message from what appears to be a trusted source, such as a company with which you do business, such as your bank," explains Steven J.J. Weisman, author of the book Identity Theft Alert. "They'll use other strategies, too."
In recent smishing scams, fraudsters have used these tactics to steal personal data and cash from unwary victims. Smishing scams come in different forms. Here are a few of them:
In this instance, victims are prompted by a text message appearing to come from their bank to respond to a feigned emergency by providing personal information like an account number. "If you provide this or other personal information, it's used by the scammers to steal your identity," says Weisman.
The Toll Call Scam
In this smishing scam, the message tells the target to call a telephone number that's actually a toll number with charges as much as $19 per minute. "Often, you're put on hold for long periods of time to increase the charges, which then add up," Weisman says.
The Malware Scam
"In this scenario, smishing victims are lured into clicking on text links that leave targeted individuals vulnerable to ransomware or malware—cyber fraud tools can steal all of the information from your phone and use it for purposes of identity theft," Weisman explains.
The "Service Cancellation" Scam
In this case, a cell phone user's SMS message might indicate that they signed up for a service or there's a premium on an existing service and are asked if they want to cancel, to click on a link, says Scott Amyx, an Internet expert and managing partner at Amyx Ventures. "That tricks the user into sharing private information," he says.
The best way to stop smishing scams is to treat them like suspicious emails, experts say.
"Take the same precaution that you would on email to avoid phishing," Amyx advises. "If you're not familiar with the sender, content or unsure of the link, don't click on the SMS text message."
Also, look for red flags that signal a smishing scam is underway.
"These attacks typically include warning signs," notes Tim Pruger, a member of the consumer education committee of the Communications Fraud Control Organization. "SMS messages that have typos and/or grammatical errors should be viewed with suspicion, as should any messages that ask for the recipient to respond with personally identifiable information. Fraudsters will also use the promise of prizes or competition winnings as bait."
Don't fall for any of the above smishing scams, experts say.
"A good rule of thumb on smishing scams to follow is this," Pruger says: "If it sounds too good to be true, it probably is."
Want to learn more about how smishing works? Read this.
Editorial Disclaimer: Opinions expressed here are author's alone, not those of any bank, credit card issuer or other company, and have not been reviewed, approved or otherwise endorsed by any of these entities. All information, including rates and fees, are accurate as of the date of publication.
This article was originally published on May 18, 2018, and has been updated.