You’ve probably heard about phishing, where criminals attempt to steal your personal information via email. Well, with the popularity of texting rising in recent years, fraudsters are attempting to dupe victims via text, too. It’s called SMS phishing, or “smishing.”
Smishers typically send a text that’s intended to trick you into giving away personal information, like your passwords, account numbers or Social Security number. They use that information to gain access to your email or bank accounts. Sometimes, they even sell it to other scammers. Smishers have lots of ways to get you to share sensitive information. According to the Federal Trade Commission, some of the most common tactics include:
- asking you to verify purchases
- claiming issues with your payment information
- offering prizes or gift cards
- sending fake package delivery notifications
- and warning you of suspicious activity on one of your accounts
These texts are so effective because they’re often similar to texts you might receive from legitimate businesses. If you click the fake link, you might be asked for personal information or get malware installed on your phone that can extract information automatically. The link might also lead to a fake version of a website where you are asked to enter your password. If you attempt to log in, the scammers can steal your username and password. Sometimes you might be tipped off by a detail that’s not quite right: misspelled words, odd sentence phrasing or an unusual URL. As criminals get smarter, though, it can be hard to tell for sure.
Of course, phone scams aren’t just limited to texting. Fraudsters may also call you impersonating your financial institution or other trusted source. Always be wary of incoming calls asking for personal information or passcodes.
How to Protect Yourself
With a little bit of caution, you can take steps to avoid becoming a victim of theft. If you’re unsure if a text is legitimate, follow these dos and don'ts.
- Do contact the supposed text sender directly. Locate a number for the business that you know is legitimate, such as the number on the back of your credit card. Then contact the business to determine if they’re the ones contacting you.
- Do forward spam and scam texts to 7726 (SPAM). Once you confirm the number is a smisher, forward the text to 7726 (SPAM). Doing so sends the text to your carrier to investigate.
- Do block scam phone numbers. If you’re not sure how, reach out to your wireless carrier for help.
- Don't be fooled by a familiar area code. Smishers can use tools to make it look as though the text is from a local number.
- Don’t click links in text messages. Links are often used to install malware or keyloggers—software that tracks what you type. If you’ve clicked a link by mistake, consider installing an antivirus app to scan your device.
- Don’t respond to a suspicious text message. Like website links, text responses can be used to verify your phone number and gain access to your personal information. Some financial institutions, including Navy Federal, do use text messages to verify suspicious purchases. However, those texts will never request personal information. Check with your financial institution to see if it offers SMS text banking or mobile alerts. That way you can identify the difference between a real message and a fake.
Navy Federal will never reach out to members asking for personal information via a text message. If you think you may have been a victim, you can report unauthorized transactions online.
This content is intended to provide general information and shouldn't be considered legal, tax or financial advice. It's always a good idea to consult a tax or financial advisor for specific information on how certain laws apply to your situation and about your individual financial situation.