Your cellphone chimes — a text message has come in. It bears your bank's name and has some disturbing news. One of your accounts has been frozen. Please call us at the following number to clear this up, urges the message.
You've just been "smished."
See also: What happens to stolen personal data?
An offshoot of "phishing" — emails that try to trick you into disclosing personal or financial information — smishing is named for the SMS (short message service) technology used to send text messages. (There's even another variation, "vishing." Instead of a text message, you get a call with a recorded voice.)
As more people have gotten wise to computer-based scams, scammers are increasingly targeting cellphones. Their users are three times more likely to fall for fake messages than computer users, according to online security firm Trusteer; iPhone users are the most vulnerable.
When you call the number the text gives you for your bank, you're actually connecting to the scammers, who ask for your account number, PIN, Social Security number — the raw material of identity theft.
Bogus bank alerts lead in smishing attacks. But you may also get texts promising a free laptop, mortgage assistance or lottery winnings. A message may just say, "Short on cash? Reply here!" One new come-on is a supposed free security app to get you to click on a link that in fact downloads identity-stealing software to your phone.
Whatever the method, the goal is the same: to get your personal information and money.
The Federal Trade Commission recently moved against a firm that was allegedly offering phony government loans by text. Five and a half million text messages were sent to cellphones in just 40 days — roughly 85 per minute, according to the commission. This firm also is alleged to have sold the numbers of people who replied asking to be removed from the list.
So here's your defense:
- Don't reply. Even sending a "remove" or "stop" response to a smishing text tells scammers that your number is active, meaning you may get more messages.
- Don't click on links in texts sent to you by unknown parties.
- Block suspicious numbers. Your cellphone provider may be able to block numbers where the texts and calls originate.
- Your bank is texting you? Look up its number yourself — don't trust the one provided in the text — and call.
- Don't store credit card and account login information in emails or notes on the phone.
- Set your phone to time out and lock after a short period. If it's stolen, thieves won't get personal information.
- Install updates. When you receive a bona fide notification of an upgrade to your phone's software, install it immediately. If you doubt the message is legitimate, call your cell or app provider.
Also of interest: How safe are your online habits? >>
Sid Kirchheimer is the author of Scam-Proof Your Life, published by AARP Books/Sterling.