Internet scammers are very good at making e-mails and texts look authentic. The fake text from your "bank" could look exactly like the real thing, so there might be no immediate indication that something's amiss. Take a look at the sender's phone number, though. If it's "unknown" or blocked, that's a dead giveaway that things aren't right -- most of these scams are perpetrated with random dialing programs. But sometimes the SMiShers will use stolen customer phone numbers from a bank or other financial institution, and it might look like the sender is in your area code.
Here are some steps to take to protect against SMiShing [source: FBI]:
- If a text message looks even remotely suspicious, delete it right away without reading it.
- Never reply to or follow the instructions of a text that asks you for personal information. A legitimate business will never ask you to reveal your account number, user name, password or full Social Security number over the phone or online.
- If you're not sure the message really is from your phone's service provider, for instance, type the company's URL in your browser instead of clicking on the link or attachment. Call the customer service number listed on its Web site instead of using the number provided in the text.
- Use a credit card if you're shopping online on your smartphone. You can always dispute charges if your phone becomes infected and someone makes unauthorized charges to your card.
- Bottom line, use common sense: If something seems shady, it probably is.
SMiShing is getting more and more dangerous with the increased popularity of mobile banking. People use their phones for everything these days, and if you bank or conduct financial transactions on your cellphone or smartphone, you've got a lot of sensitive information at risk if it's exposed to malware or spyware.
Until security measures for mobile devices are improved, take our advice: Stay away from suspicious-looking texts, and hopefully the SMiShers will stay away from you.
- Bland, Eric. "Malicious Software Turns Your Phone Against You." Discovery News. March 9, 2010. (Oct. 7, 2011) http://news.discovery.com/tech/cell-phone-malware.html
- Blau, John. "McAfee Warns of SMiShing Attacks." PC World. Aug. 28, 2006. (Oct. 3, 2011) http://www.pcworld.com/article/126932/mcafee_warns_of_smishing_attacks.html
- Consumer Reports. "'Smishing.'" November 2010. (Oct. 3, 2011) http://www.consumerreports.org/cro/shopping/2010/november/sneakiest-new-shopping-scams/smishing/index.htm
- Federal Bureau of Investigation. "Smishing and Vishing." Nov. 24, 2010. (Oct. 3, 2011) http://www.fbi.gov/news/stories/2010/november/cyber_112410/cyber_112410
- Liebowitz, Matt. "Smishing: scary new malware scam." MSNBC. Jan. 17, 2011. (Oct. 3, 2011) http://www.msnbc.msn.com/id/41121201/ns/technology_and_science-security/t/smishing-scary-new-malware-scam/
- Mills, Elinor. "'SMiShing' fishes for personal data over cell phone." CNet. Feb. 24, 2009. (Oct. 3, 2011)http://news.cnet.com/8301-1009_3-10171241-83.html
- T-Mobile. "SMiShing." (Oct. 3, 2011) http://www.t-mobile.com/Company/PrivacyResources.aspx?tp=Abt_Tab_PhishingSMishing&tsp=Abt_Sub_IdentityTheft_SMiShing