How to avoid 'smishing' scams

By Doresa Banning

"Bank of America Alert: Your account has been suspended. Call 866-223-1129 immediately to reactivate."

This is one example of an bogus text you could receive through your cellphone in a smishing scam. Unlike phishing, in which cyber-thieves use phony e-mails to bait you into revealing personal information, smishing involves text messages. Sometimes written SMiShing, the term is a hybrid of "phishing" and "SMS," which stands for Short Message Service, a term for text-messaging technology.

A typical smishing message might tell you that a suspicious purchase has appeared on your credit card. Others could indicate you're being contacted about a recent security breach that's been in the news. Still others might imply you've been chosen to win cash or prizes.

All will encourage you to respond somehow, usually either by calling a number or clicking on a URL. Once you do that, you'll typically be connected to an automated voice message or a phony website--many of which can look very authentic--which will prompt you to provide one or more of the following: your credit card number, PIN, Social Security number or mother's maiden name.

Cyber-thieves commonly send phishing emails that appear to be from a bank or credit union, PayPal, eBay, the Internal Revenue Service and countless other legitimate organizations. So as scammers turn to smishing, it's conceivable you could receive text messages appearing to be from these places too.

Disturbingly, research by the Internet security firm Trusteer found mobile phone users may be three times more likely than computer users to fall for fake messages.

Once your identifying data is in thieves' hands, they're likely to use it maliciously. That could mean selling it to other fraudsters, or attempting to access the funds in your checking and savings accounts to spree shop, either of which could cost you time and money. So it's vital to protect yourself by knowing what to do when you receive a potential smishing message.

How to handle smishing

Here's what to do if you receive a potential smishing text message:

  • Be suspicious of any out-of-the-ordinary texts, particularly ones that want you to divulge identifying data about yourself.
  • Never text back, no matter how compelled you are to do so. Responding by text, even just to berate the sender, confirms to the scammers that they've reached an active cellphone and someone engage-able, which sets you up for being targeted further.
  • Never respond to any of these types of texts regardless of how frightening or urgent it seems. Cyber-thieves often rely on shock and urgency to spur you to react instantly. Know that financial institutions — banks, credit unions, credit card companies, etc. — won't contact you this way to obtain personal information.
  • Never click on any links contained in the message. Doing so could release a virus on your phone or even download mobile spyware that enables the sender to eavesdrop on your conversations.
  • Never share your mother's maiden name, Social Security number, bank account numbers, account usernames and PINs/passwords in response to a text.

If you must know whether or not the text is legitimate, you have two options. Conduct a Google search using part or all of the message; this can often shed light on the scam if it's common. Or call and ask the organization that allegedly sent the text, but don't use the phone number it provided. Find one you trust from the phonebook, the company's website or your bank statement. Inform the company about the text and inquire whether it sent it.

If you uncover that the message is a scam, you can report it to the Federal Trade Commission, the governmental agency that works for the consumer to prevent fraud in the marketplace. You can reach them at 877-FTC-HELP (382-4357).

You can also file a complaint via with the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center. To prevent further smishing attempts on your phone, you can also ask your cellphone provider to block the number.

Worse than having your identity stolen is knowing it happened because you fell for a scam. Awareness is the first step to preventing a smishing scam from victimizing you. The next time you receive an unsolicited text, resist the urge to respond. By doing so, you'll be thwarting a scammer and protecting your assets in the process--a true win-win.