Americans have been alerted by the Federal Communications Commission (FCC) to an upsurge in SMS (Short Message Service) phishing attacks that aim to steal their money and personal information.
Scammers behind such attacks, often known as smishing or robotexts (as the FCC does), may employ a variety of enticements to coerce you into disclosing sensitive information.
According to the US communications watchdog’s Robocall Response Team, “The FCC tracks consumer complaints – rather than call or text volume – and complaints about unwanted text messages have increased steadily in recent years from approximately 5,700 in 2019, 14,000 in 2020, 15,300 in 2021, to 8,500 through June 30, 2022.”
RoboKiller, for instance, believes that consumers got over 12 billion robotexts in June. “In addition, some independent reports estimate billions of robotexts each month.”
American consumers have reported false-but-believable smishing baits to the FCC that make claims concerning unpaid bills, package delivery concerns, bank account issues, or police enforcement actions.
Links that take the targets to landing pages posing as bank websites and requesting that they confirm an order or unlock frozen credit cards are some of the most cunning and persuasive baits used in text message phishing attempts.
Phishing text messages can also be spoofed to make the sender appear to be someone you’re more likely to trust, such as a reputable company or a government body like the IRS.
While some attackers will try to obtain payment information, others are less fussy and will be content to obtain whatever personal information they may use in future frauds or sell to other bad actors.
The FCC advises adopting the following precautions to protect yourself from SMS phishing attacks:
- Don’t reply to texts that appear suspicious or come from unidentified numbers.
- Never text someone with private or confidential information.
- Watch out for misspelt words or texts coming from an email address.
- Before clicking any links in a text message, be cautious.
- Call your friend to be sure they weren’t hacked if they text you with a strange link that seems out of the ordinary.
- If a company texts you while you weren’t expecting it, find their phone number online and give them a call.
- Keep in mind that contacting a government agency by phone or text is a rare occurrence.
- Forwarding unsolicited texts to 7726 will let your wireless service provider know about texting fraud attempts (or “SPAM”).
- Submit a grievance to the FCC.
The FCC said that if you believe you are a victim of a texting scam, you should report it right away to your local law enforcement agency, your wireless service provider, and any financial institutions where you have accounts.
