Bottom Line Up Front
- Smishing, similar to phishing, is when scammers send a text to trick you into giving away personal information.
- Don’t click any links in text messages that you’re not sure about or respond back to the smishers.
- Contact your bank or credit card company directly to confirm that the text came from a trusted source before sharing any account information.
- Report smishing texts to your mobile provider by texting 7726.
You’ve probably heard about phishing, where criminals attempt to steal your personal information via email. With the popularity of texting, fraudsters are attempting to dupe victims via text, too. It’s called SMS phishing, or “smishing.”
Smishers typically send a text that’s intended to trick you into giving away personal information, like your passwords, account numbers or Social Security number. They use that information to gain access to your email or bank accounts. Or, they sell it to other scammers. Smishers have lots of ways to get you to share sensitive information. According to the Federal Trade Commission, some of the most popular tactics include:
- Asking you to verify purchases
- Claiming issues with your payment information
- Offering prizes or gift cards
- Sending fake package delivery notifications
- Warning you of suspicious activity on one of your accounts
These texts are so effective because they’re often similar to texts you might receive from legitimate businesses. If you click the fake link, you might be asked for personal information or install malware on your phone that can extract information automatically. Or the link might lead to a fake version of a website where you are asked to enter your password. If you attempt to log in, the scammers can steal your username and password.
Sometimes you might be tipped off by a detail that’s not quite right: misspelled words, odd sentences or an unusual URL. As criminals get smarter, though, it can be hard to tell for sure.
Of course, phone scams are not just limited to texting. Fraudsters may also call you impersonating your financial institution or other trusted source. Always be wary of incoming calls asking for personal information or passcodes.
How to Protect Yourself
With a little bit of caution, you can take steps to avoid becoming a victim of theft. If you’re unsure if a text is legitimate, follow these dos and don'ts.
- Do contact the supposed text sender directly. Locate a number for the business that you know to be legitimate, such as the number on the back of your credit card.
- Then contact the business to determine if they are the ones contacting you.
- Do forward spam and scam texts to 7726 (SPAM). Once you confirm the number is a smisher, forward the text to 7726 (SPAM). Doing so sends the text to your carrier to investigate.
- Do block scam phone numbers. If you’re not sure how, reach out to your wireless carrier for help.
- Don't be fooled by a familiar area code. Smishers can use tools to make it look as though the text is from a local number.
- Don’t click links in text messages. Links are often used to install malware or keyloggers—software that tracks what you type. If you’ve clicked a link by mistake, consider installing an antivirus app to scan your device.
- Don’t respond to a suspicious text message. Like website links, text responses can be used to verify your phone number and gain access to your personal information. Some financial institutions, including Navy Federal, do use text messages to verify suspicious purchases. However, those texts will never request personal information. Check with your financial institution to see if it offers SMS text banking or mobile alerts. That way you can identify the difference between a real message and a fake.
Navy Federal will never reach out to members asking for personal information via a text message. If you think you may have been a victim, you can report unauthorized transactions online.