By now, many people thankfully know to watch for phishing emails that want to steal your personal information. However, it’s vital that you don’t let your guard down, because malicious actors have turned to SMS texting as a new favorite method of attack.
Let’s look at some examples of SMS phishing, and how you can protect yourself.
SMS Phishing Explained
If you’re not aware, phishing is the act of impersonating a legitimate entity in an attempt to steal private information. We’ve explained how to spot dangerous phishing emails if you need a primer.
Recently, phishing via SMS—sometimes called “smishing”—is becoming more popular. Instead of emails, scammers are reaching out via text to trick you. This makes sense; phishing emails have become so common that many people know how to spot them. Plus, email services like Gmail become better at detecting these attacks all the time.
That’s why attackers have turned to alternative methods of trying to rip you off. Scams via phone calls, social media, and other mediums can catch people off-guard. If you’re not expecting a phishing message to arrive in your text inbox, you’re more likely to fall for it.
Examples of SMS Phishing
Let’s look at some of the schemes that attackers have employed in attempts to steal from you. While they’ll certainly come up with new setups, studying these will help you spot future farces.
Package Delivery Scams
Watch out, fake FedEx text messages coming from this number. Most likely a phishing scam. I've reported it to @FedEx pic.twitter.com/VOUGIy9uOa
— aperraglio_arts ????????⬛???????? (@mechafeather) January 16, 2020
If you create an account with UPS or FedEx, you can opt to receive updates about packages you’ve ordered. One of the popular SMS scams takes advantage of this.
In this scam, you receive a text message that your FedEx package is waiting for you to set delivery preferences. If you open the link in the message, you’re taken to a page impersonating Amazon that asks you to complete a survey. Once you complete it, you’re offered a “reward” for your time.
The page tells you that the reward is free, but you have to pay for shipping. In the fine print, you’ll see that placing an order signs you up for their service where you agree to pay $98.95 every month.
Netflix Account Scam
I just got this #Netflix #Scam SMS. Do not click on it! Best to block the number. pic.twitter.com/gQhIr6iqbY
— Turellë (@SeaSands_Nic) February 7, 2020
Another popular SMS scam is quite straightforward. You receive a message saying that your Netflix account is about to be suspended because you didn’t pay. Of course, the scammer has no idea if you actually subscribe to Netflix, but chances are that many recipients do.
Tapping the link in the message takes you to a bogus page where you’ll be asked to enter your Netflix credentials or credit card number. Providing either of these will put your information in the hands of thieves.
Verizon Security Scam
A somewhat sophisticated phishing scam I just received via SMS. Scammers are impersonating @verizon and attempting to glean account info. The Web address was immediately suspect, but the presentation was pretty spot on. Be careful out there #Security pic.twitter.com/P2wq7VvMCr
— Jay Lee (@jaylee) October 8, 2019
You might also receive a message claiming to come from Verizon. The text tells you that your account needs validation to prevent your access from being disabled, and provide a link.
The fraudulent website looks a lot like Verizon’s actual page, aside from the phony URL. If you provide your details, they could take over your account, potentially using it to order new phones credited to your bill.
How to Stay Safe From SMS Phishing
As we’ve cautioned before, you should never click on links in emails, texts, or messages on social media. If you receive a message claiming your account requires some action, you should instead visit the website directly and check for alerts there.
All of these scams are hoping that you’ll act without thinking due to the time-sensitive action against your account. If you ever do open a link from a text like this, avoid entering any personal information on the website. Companies like Netflix will not threaten to cancel your service via text message. And remember that “giveaways” like this are too good to be true.
When in doubt, delete the message and block the number that sent you a suspected spam text. Contact the company’s customer service through their official website if you have any concerns about the legitimacy of a message. And if you have a serious problem with SMS scams, see our guide to dealing with phone and text spam.