Recent reports have warned of smishing, but what exactly is it? And how do you know if you’re being smished?
Smishing is 1 of the “ishing” scams:
- Phishing: scammers send you an email asking for personal info
- Smishing (or SMiShing): the scam comes via a text or messaging app, like WhatsApp
- Vishing: the scam comes via a call or voicemail
These messages may seem like they’re from a familiar company or organization — a bank, your internet provider, the IRS — but they’re not.
They’ll try to fool you into revealing personal info, such as bank details or login credentials.
In the case of smishing…
… the text usually contains a link that, if clicked, will download malware to the victim’s device or direct to a bogus site requesting personal info.
These kinds of scams were hot in 2020, resulting in 241.3k complaints and adjusted losses of $54m+, per a report from the Internet Crime Complaint Center (IC3).
How to spot it
Red flags include messages that:
- Have grammar or spelling errors
- Try to scare you (e.g., “your account is suspended”)
- Offer prizes or rewards
But the biggest red flag? Asking for data at all. Per Bryan Ogelsby of the Better Business Bureau, “No legitimate company, government agency, or organization is going to ask for that data even if they sent you a text message or email.”
So, what to do?
- Don’t click the link.
- Report the text.
- If you’re unsure, contact the supposed sender of the message directly and ask them if they tried to reach you.