The Federal Communications Commission (FCC) warned Americans of an increasing wave of SMS (Short Message Service) phishing attacks attempting to steal their personal information and money.
Such attacks are also known as smishing or robotexts (as the FCC calls them), and scammers behind them may use various lures to trick you into handing over confidential information.
“The FCC tracks consumer complaints – rather than call or text volume – and complaints about unwanted text messages have risen steadily in recent years from approximately 5,700 in 2019, 14,000 in 2020, 15,300 in 2021, to 8,500 through June 30, 2022,” the US communications watchdog’s Robocall Response Team said [PDF].
“In addition, some independent reports estimate billions of robotexts each month – for example, RoboKiller estimates consumers received over 12 billion robotexts in June.”
False-but-believable smishing baits reported by American consumers to the FCC include claims about unpaid bills, package delivery issues, bank account problems, or law enforcement actions.
Some of the most devious and convincing lures used in text message phishing attacks are links redirecting the targets to landing pages impersonating bank websites and asking them to verify a purchase or unlock frozen credit cards.
Phishing text messages can also be spoofed to make it appear that the sends is someone you’re more likely to trust, such as a government agency like the IRS or companies you may be familiar with.
While some attackers will attempt to steal payment details, others are not as picky and will be happy to steal any personal information they can get their hands on, use in subsequent scams, or sell to other malicious actors.
To defend against SMS phishing attacks, FCC recommends taking the following measures:
Do not respond to texts from unknown numbers or any others that appear suspicious.
Never share sensitive personal or financial information by text.
Be on the lookout for misspellings or texts that originate with an email address.
Think twice before clicking any links in a text message. If a friend sends you a text with a suspicious link that seems out of character, call them to ensure they weren’t hacked.
If a business sends you a text you weren’t expecting, look up their number online and call them back.
Remember that government agencies almost never initiate contact by phone or text.
Report texting scam attempts to your wireless service provider by forwarding unwanted texts to 7726 (or “SPAM”).
“If you think you’re the victim of a texting scam, report it immediately to your local law enforcement agency and notify your wireless service provider and financial institutions where you have accounts,” the FCC added.