In this article
What is Smishing (a.k.a. Text Phishing)?
If you ever receive a text message from a random number, business, colleague, or even a friend that you feel unsure about, it could be text phishing or "smishing". Smishing is when an attacker sends a fake text to your device posing as a legitimate source (Ie. a bank or your boss). The text often contains a link that, upon clicking, leads you to a fraudulent website placed there by the attacker in hope you will reveal personal or financial information (Ie. credit card numbers, passwords, etc.). Some common scam area codes are: 917, 765, 646, 470, 347 or 332. If you get an out-of-the-blue text from one of these, consider this a red flag to delete it.
A smishing text can also be delivered in the form of an "urgent" favor, gift card purchase, wire transfer, etc. from whoever the attacker is pretending to be. In this case, it's best to confirm the person's identity prior to taking any action. Place a quick phone call via the contact info you've saved in the past or have obtained from a trustworthy source. The attacker has most likely done their homework and knows about you and the person they're spoofing. Do not let his/her abundance of knowledge mislead you.
To protect yourself from these attacks it is important to be cautious when receiving texts from unknown sources as well as known sources who text from different numbers or display strange attributes. Do not click on any links or provide information unless you feel certain that the message is legitimate. It's best to not respond at all since you could be arbitrarily advising the attacker that he's reached a legitimate number and setting yourself up for future smishing attempts.
How Do I Filter Unknown Text Senders/Callers?
Android Phones
-
Open the Google Messages app.
-
Tap the three dots in the top right corner.
-
Tap "Spam Protection".
-
Toggle on "Enable spam protection".
Or
- Open the specific text and tap the three dots in the top right corner.
- Tap “Block Number".
iPhones
-
Open Settings.
-
Tap "Messages".
-
Scroll down to Message Filtering and under it, click "Unknown & Spam".
-
Toggle on "Filter Unknown Senders".
-
Now you'll have a spam filter for your phone. You can also switch between known and unknown senders in your "Messages" section.
What Should I Do if I've Already Succumbed to an Attack?
- Call your bank or financial institution to let them know your credit card number was stolen. Ask for a replacement card, request that your current card be blocked from transactions, and ask for your account to be monitored for fraudulent activities.
- If money was already taken, tell your card provider that you were scammed and ask them what your options are. If your money was stolen recently enough, you may be able to recover it.
- Change the passwords you use for your banking apps (and any other apps where you possibly re-used the password).
- Set up multi-factor authentication to prevent unauthorized logins in the future.