The invention of text messaging – and particularly, the widespread adoption of cellular data plans that allow for unlimited texting – has been a real boon for the honest and law-abiding citizen. Text messages, also known as Short Message Service (SMS), provide a tremendous convenience for today’s busy people. They let us alert loved ones that we’ll be a few minutes late, gossip with friends in quiet places, and send key information to coworkers or friends. Unfortunately, this same convenience and ease of use makes text messaging an area that is ripe for exploitation by the unscrupulous and criminal element.
If you text, you’ve probably received “spam” marketing text messages uninvited in your inbox; if you weren’t on an unlimited plan, you may have expressed a few choice words at having to pay an extra charge for the privilege of seeing an unwanted advertisement. But text spam is an irritant at worst; the real threat comes from “smishers,” identity thieves using the SMS system to try to trick or extort personal identity from unwary consumers.
These scammers will usually send a faked message that pretends to be an official communication from your financial institution. The fake text will ask you to contact someone in the office at a provided phone number or to click on a link embedded in the text message to visit a web site from your cell phone’s browser. The phone number leads to a boiler-room crime ring, and the web site is a fake, designed to look like the real site, but it is, in fact, completely in the control of the identity thieves. Once they have you on the phone or on the web site, a smooth talking operator will attempt to get your identity information, such as your account number(s), your social security number, your home address, etc.
Sometimes spotting smishing attempts can be very simple, as when there are obvious misspellings in the message, the name of the financial institution is slightly wrong, or the request for information is blatantly obvious. Unfortunately, many smishers have grown much more sophisticated; their dummy sites look and work just like the official site, and the people working the phones or the online chat system at the website are very knowledgeable and skilled at emulating real financial industry professionals.
There are four key defensive techniques.
One, be suspicious to the point of paranoia about your passwords and account information. No reputable financial institution will ask you to provide, to verify, or to confirm such information over an unsecured phone or Internet chat line, and they will NEVER call you or text you to ask you to provide or confirm such information in order to avoid an account closure or other dire consequence.
Two, you can further protect this information by ensuring that you always have strong passwords for your accounts at financial sites, using a different password for each account so that one lucky guess doesn’t open up your entire portfolio to these hackers.