This article is from Scambusters.org. They have great information to help all us avoid losses from scams.
Phishing, the scam that involves
tricking people into giving away confidential information, is surging via text
messaging, posing a greater than ever risk of identity theft. The reason? People trust text messages more
than they do email, so they’re more likely to fall for the scam.
This type of phishing, better known as “smishing,” has been around
for years but because consumers have wised-up to email tricks and, in fact, are
using email less and less for simple messages, scammers have switched their focus
to SMS texts to target their victims.
According to computer blogger Luke Larsen, the crime “has come full-force
to texting, and it carries even more potential danger than it does through
email.” Writing for the online tech
site Digital Trends, he says that cyber crooks are buying up smart phone
numbers from databases on the dark web and then targeting them to trick users
into giving up personal info. The text
usually contains a link that downloads malware, which steals as much data as it
can find.
And therein lies the threat: “Your smartphone knows a lot more about
you than your PC, so an installed piece of malware might steal the phone
numbers in your contact list and spread the virus in hopes to exponentially
multiply,” Larsen says. “Even
important bits of personal data, like banking credentials or your tracking
location, can be at risk.”
Insider View
His views are echoed by industry insider Ruby Gonzales, communications director
of NordVPN, which recently published a report on the trend. She says that, as personal use of email is
falling, legitimate marketing companies have turned to SMS and some social
media sites to sell their products and services. Users have become accustomed to receiving
offers by text, including clickable links. They’re also less likely to have
spam filters on their texting service, like they do with email, and it’s often
difficult to check whether links inside SMS messages are valid or not. “It’s a wider channel for
criminals,” Gonzales says, “and they are trying to exploit it in the
same way as all other channels that are opening.”
Scammers are also using texts to pose as tax authorities, not just in the US
but also in the UK and Canada. The tactic creates a false sense of realism
because many people don’t realize that text messages can be a threat.
“They say that the user is due a tax refund or needs to provide more
information,” she explains. “Basically, they try to get users’
information, and that can be used for stealing their money.”
Dangerous messages sometimes use shortcodes — one-word responses users are
asked to key in to acknowledge they got it. That can be enough to trigger a
malware download.
For example, scam messages posing as donation requests from charities may
provide a single word response that immediately forwards a donation. Scammers
have used the same tactic, Larsen says, to steal money right out of bank
accounts.
You might also end up with additional charges on your phone bill, according to
a recent warning from the Federal Trade Commission (FTC).
Research suggests as many as one in three smartphone users had been targeted by
a smishing attempt in just six months last year, although the actual number is
likely to be higher since most people don’t report scam attempts.
What to Do
The best thing you can do to avoid falling victim is to never click on a link
inside a text message.
Certainly, you should never respond to a request for a password or other
confidential information. Instead, visit the real website of the organization
that seems to be asking and check if it’s a genuine request.
You should also use extreme caution even if the message asks you to send the
word “Stop” to stop receiving messages, as many do, unless you’re
100% sure that it’s genuine.
Sending a “Stop” message may not land you in immediate trouble but it
signals to a phishing scammer that there’s a bite on the line.
In fact, for the same reason, you should never reply to text messages from
someone you don’t know. It simply opens the door for an onslaught of spam.
In most cases, it’s actually illegal for businesses to send unsolicited texts
to mobile devices without your permission. So, if you get one, that’s a big red
flag.
Block the sender if you can. But otherwise, just delete the message.
And don’t share your cell phone number on social media.
In addition, it’s wise to install an anti-malware app on your phone.
Contrary to what many people believe, Gonzalez says, phones are more
susceptible to malicious software than PCs.
“Specifically, Android phones,” she warns, “because
Android is a more open system.”
To learn more about smishing, check out this article from Internet security
company Kaspersky: https://usa.kaspersky.com/resource-center/threats/what-is-smishing-and-how-to-defend-against-it
