Smishing — before you click another text message, read this

Our phones are an extension of ourselves, helping us do everything from keeping in touch to streaming our favorite shows to sharing our adorable pets on social media. But with increased data usage comes the increased danger of getting your personal information stolen via your phone — which can lead to damaging consequences.

“Cybercriminals will continue to devise schemes to trick you into giving them an entryway into your digital world,” says Laura Bennett, Senior Vice President, e-Consumer North America for Blink by Chubb.

One such scheme is “smishing,” where hackers gain access to your data by using fake text messages. So, read (probably on your phone) about smishing scams and how to safeguard against them.

You’re probably familiar with the terms phishing and spoofing, scams where bad actors send fake emails that claim that you’ve gotten some sort of prize or that urgent action is required on your account. Spoofing emails pretend to be from trusted, big-brand institutions, like major banks or retailers. These emails try to trick you into opening a link or file — which allows malicious software to be downloaded onto your computer and leads to your data being compromised.

The word smishing is a mash-up of SMS (aka texting) and phishing. A smishing scam is a version of phishing that’s done through spam text messages rather than fake emails-and, like spoofing, texts may seem to be from a trusted sender. The smishers steal your personal and financial data through your mobile device instead of from your computer. The result is the same as phishing: the hackers obtain enough of your info to be able to impersonate a digital you.

This can have serious consequences because…

Cybercrime is on the rise. A 2020 report from the FBI’s Internet Crime Complaint Center¹ includes information from 791,790 complaints of suspected internet crime — an increase of more than 300,000 complaints from 2019.

Much of that crime begins with stealing your online identity.

According to Bennett, “Identity thieves are highly skilled and sophisticated and employ time-honed techniques and technology tools to deceive you. They’ll try to steal the log-in credentials to your financial accounts, your email, and/or your mobile phone.” Their ultimate goal, she says, is “Moving money from your accounts to accounts they control.”

And your text message activity can be the open door, inviting cybercriminals in.

Cyberattack by smishing is attractive to hackers because text messages have qualities that put data thieves at an advantage:

• Lack of authentication – SMS text senders are not verified beyond a phone number.
• The odds we’ll answer – American adults open 99% of their texts.²
• Location data – Your phone can provide smishers with your site location, which can make the scam text message seem more legit.
• Speed – We generally text fast, which makes it easy for us to mistakenly open and click on fake texts.
• Volume – More than six billion texts are sent every day; 97% of American adults text weekly. Good statistics for a criminal enterprise looking to exploit.

The best way to avoid being smished is to be vigilant about your personal texting habits and security.

• Ignore texts that seem “off” and don’t open text alerts you didn’t sign up for.
• Block unwanted text senders and consider minimizing your text alerts to the most essential.
• Don’t click on links in text messages unless you’re absolutely sure who the sender is and the purpose of the link.
• Get a personal virtual private network (VPN), which will help protect against location-based smishers.
• Use a two-factor authentication (2FA) app such as Authy or Google Authenticator, to eliminate the code-texting verification steps and increase the security.

Getting smished is no joke — protect your identity and your finances with vigilance and cyber security best practices.