Did You Just Get a Text from Yourself? (Top Smishing Scams)

One of the biggest threats to business cybersecurity is phishing. And phishing has been taking an alarming turn lately. It has been bypassing the email inbox and instead, coming in as a text message. Phishing via SMS is also known as “smishing.”

This trend to have a more direct path to you isn’t unique. Retailers like World Market, Shoe Carnival, and others have been encouraging customers in their stores to sign up for text notifications with the promise of a percentage off their purchases.

It seems SMS is becoming the new form of email because email inboxes have become so bloated. Plus, an SMS isn’t going to be sent to an email spam folder (at least not yet).

Two factors make smishing very dangerous:

  1. It’s growing at a rapid pace: During the first six months of 2021, phishing via SMS jumped by nearly 700%
  2. Fewer than 35% of the population knows what smishing is. 

If you were confused about a text message you received lately that came from your own phone number, you’re not alone. This is just one of the many smishing tactics that have been proliferating.

It’s important to raise awareness of smishing in your organization, so employees can be on the lookout for this newer delivery channel. Here are some of the top smishing scams they should watch out for.

Spoofing Your Own Number to Send You a Text

One of the challenges with SMS phishing is that it’s harder to identify a fake sender. Most people are not going to know the correct number that Amazon sends its shipping alerts from, for example.

One way that you can spot a fake is if the number the text message came from is yours.

Using spoofing software, hackers can send out smishing and make it look like the message is from your own cell number. Of course, it’s not, and they are just masking the real number that it came from. 

These should be immediately reported and deleted, most cell phones will have this option.

The promise of a Free Gift

One scam that’s become prevalent is a message that does not identify the sender and simply says, “Thank you for your recent payment. Here is a free gift for you.” It contains a link that takes the person to a malicious phishing site.

Just like email phishing, you can get taken to phishing sites that steal data or infect your phone with malware when clicking on a link in a text message.

This scam uses the promise of a free gift, and is nondescript about the payment, leveraging the fact that most people would have recently paid some type of bill.

Impersonating USPS, UPS, or FedEx

Shipping notices are a common SMS type that people opt into. Scammers have taken advantage of this and are sending text messages that impersonate one of the popular shipping services (USPS, UPS, FedEx).

These notices use scams like:

  • Delivery problem
  • Information needed to complete a shipment
  • Money due on shipment 

Fake Service Appointment 

This scam hit close to home for a South Carolina neighborhood. One resident posted on the neighborhood’s Facebook page about receiving a scam text about an installation appointment with AT&T. The text message asked him for personal details, and he got suspicious.

The scary part was that AT&T had just spent about a month doing an installation of its new fiber internet in the neighborhood, and once finished did a sign-up drive for new customers. Thus many people in that neighborhood were scheduling installation appointments.

This just goes to show that scammers often leverage news and other personal details found online and on social media to try to trick you.

Government Stimulus or Tax Scam

There have been a number of government stimulus programs happening due to COVID, and just because the official ones may have ended, doesn’t mean scammers aren’t still using that as a smishing ploy.

One SMS tactic you may see is that you missed out on another stimulus. The text message provides a link to “claim” your money. This can send you to a form where personal information is requested (like your SSN), which can then be sold and used for identity theft.

Suspicious Activity on Your Account

Service providers like Netflix and Google sometimes send notices about “suspicious activity” or a recent login on your account. Scammers use this fact to fool you in another type of smishing scam.

This one involves a text message that is sent to you claiming suspicious activity has been detected on your Netflix, Amazon (or other) account. You’re then given a link to change your password. Of course, this is to a spoofed login page, and instead of changing it, you’re actually handing over your password to the cybercriminal. 

How Secure Are Your Team’s Mobile Devices? 

Do you have a solid mobile device security system in place? Cloudadvize can help your Dallas-Fort Worth business with mobile device management to defend against smishing, mobile malware, and other mobile-based threats.

Contact Cloudavize today for a free consultation to get started.