4 Popular smishing attacks to watch for

A photograph of someone's hand as they hold a smartphone.

How many text messages from companies do you receive today compared to five years ago? If you're like many people, it's quite a few more.

Many retailers now bypass email inboxes by urging consumers to sign up for SMS alerts. The medical industry has also joined the trend. But unfortunately, retail stores and medical practices aren't the only ones grabbing your attention by text.

Cybercriminal groups are also using text messaging to send out phishing. Phishing by SMS is called "smishing," and it's becoming a significant problem.

Cybercriminals use these attacks to steal confidential information or login credentials. Once they have your data, cybercriminals can use it for extortion or to gain access to your network and accounts.

You must know how to identify smishing attempts to help prevent falling prey to these clever attacks.

For over 25 years, WEBIT Services has helped clients discover and apply effective security practices. It is passionate about knowledge, education, and online safety.

By reading this article, you will learn four of the most popular smishing scams and how to identify them.

Popular Smishing Scams to Watch Out For

It's important to understand that phishing email scams are morphing. They've evolved into SMS scams that may look different and be harder to detect.

For example, you can't check the email address in text messaging to see if it's legitimate. Instead, you have to know the sender's phone number. If you don't know the legitimate number that Amazon shipping updates come from, can you be sure the text is genuinely from Amazon?

Text messages also commonly use those shortened URLs. Unfortunately, these mask the genuine URL, and it's not as easy to hover over it to see it on a smartphone as on a computer.

However, you can learn the trends in smishing attacks and use this information to identify dangerous text messages. Here are four smishing scams.

1. How Can I Text Myself?

If you haven't yet received a text message only to find your phone number as the sender, you likely will soon. This smishing scam is fast making the rounds and results in confusion.

Confusion is good for scammers. It often causes people to click a malicious link in a message to find out more details.

Cybercriminals can make it look like a text message they sent you is coming from your number. They use VoIP connections and clever spoofing software.

If you ever see this, it's a big giveaway that this is an SMS phishing scam. Therefore, you should not interact with the message in any way and delete it instead. Some carriers will also offer the option to delete and report a scam SMS.

2. Problem With a Delivery

This smishing scam pretends to be from a known shipper like USPS or FedEx. The smishing message states that there is a package held up for delivery to you because it needs more details.

The attached link can take users to a form that captures personal information used for identity theft.

One tactic using this scam is to ask for a small monetary sum to release a package. Then, scammers create a legitimate-looking website to get your credit card number. Once they have your information, they can steal funds, steal your identity, or make unauthorized purchases.

In this instance, it's important not to call the number that sent the text message. Instead, contact the phone number on the company website and confirm the status of your delivery.

3. Fake Appointment Scheduling

Much like the delivery scam, this smishing attack is also after personal information. The smishing SMS will look like it's from a known company and will ask for personal information to confirm appointments.

However, the text may reveal itself as a scam by having incorrect data (i.e., an address may be wrong, a name misspelled, etc.). The message may also be for a company or service you did not schedule with.

Again, call the company that supposedly sent the SMS if you feel any text message is suspicious. Do not click any links or call the sending number. Instead, go to the company's website and call the contact number listed.

The company can confirm the appointment and text message.

4. Get Your Free Gift

Another recent smishing scam is a text message that doesn't declare a sender. Often, these messages say something like, "Thank you for your recent payment. Here is a free gift for you." At the bottom of the statement, there's a link.

However, the website linked is a cybercriminal creation. The form on the website will ask for personal information, which the criminals can use to steal identities.

Cybercriminals anticipate most people would've paid a bill recently and mistake the text to be from a company they know. The criminals hope that no one takes a closer look at the message to find it's a fake.

They also hope to snare victims with the promise of giving them a free gift.

If you receive a text message from an unknown source, do not click the attached links or call the number directly.

Next steps to avoid smishing attacks

Smishing attacks are growing in popularity and have become a legitimate threat.

To avoid falling prey to a smishing attack, you should:

  1. Learn smishing trends to identify attacks.
  2. If you receive an odd text message from a company, call the company's listed contact number to confirm.
  3. Do not call the sender number or click any links in a suspicious text message.

If you have additional questions about email and texting security practices, talk to your IT provider or internal IT team. They can educate employees or help create procedures to help keep your company devices and data safe.

If your company email system does not have a spam filter or phishing report program, talk to your IT provider or team about this. Spam filters and phishing tools can save time and protect your data.

WEBIT Services has educated clients in cybersecurity and has helped clients establish effective security procedures.

If you are looking for a new IT provider, schedule a free 30-minute consultation to see how WEBIT Services can help.

If you aren't ready to make a commitment but would like to learn more about the dangers of cybercrime, we recommend the following articles: