“SMiShing” (Personal Information Theft Using Text Messaging)
SMiShing (pronounced “Smishing”) is an electronic threat targeting cell phone and mobile device users. Similar to email phishing scams, con artists use text messages in an attempt to get wireless customers to divulge personal or account information or to download malicious software.
The term SMiShing is derived from a combination of the term phishing and SMS (Short Message Service), which is the technology used for sending text messages.
In a typical SMiShing scam, a wireless customer receives a text message requiring him/her to give immediate attention to the message and telling him/her to access a particular web site or to call a specific phone number to address the problem. The message appears to come from the customer’s financial institution and indicates that an account has been suspended, deactivated, locked, etc… and provides a phone number to call to reactivate it.
The danger is that an unsuspecting customer may call the phone number in the text message and provide personal information such as an account number, social security number, user ID, password, and/or Personal Identification Number (PIN) to a person or to an automated service thinking he/she is talking to his/her financial institution. In reality, this information is given to the perpetrator of the SMiShing scam.
Although SMiShing messages are designed to be nearly impossible to distinguish from legitimate text messages, there are some common signs you can look for:
- An urgency for the customer to take immediate action;
- The mention of negative consequences if the customer does not act; and
- The lack of a telephone number showing where the message came from.
DO NOT respond to any suspected message that may be a SMiShing scam. DO NOT text a response, DO NOT call the supplied phone number and DO NOT go to the listed web site. Instead, contact the alleged source of the text message directly and inquire if an actual problem with your account really does exist.