The Federal Trade Commission (FTC) is warning of a dangerous new breed of identity theft scams known as “smishing.” Similar to “phishing” scams - authentic-looking emails that appear to be from the victim's bank, government agencies, or other well-known organizations - “smishing” scams are text messages sent to mobile phones.
While the risks of smishing scams are potentially devastating, the defense is simple. According to the FTC, “Just don't text back.”
How the Scammer Sets the Trap
The scarily convincing smishing scams work like this: You get an unexpected text message appearing to be from your bank informing you that your checking account has been hacked into and deactivated “for your protection.” The message will tell you to reply or "text back" in order to reactivate your account. Other smishing scam text messages may include a link to a website you need to visit in order to resolve some non-existent problem.
What a Smishing Scam Text Message Might Look Like
Here is an example of one of the scam texts:
“User #25384: Your Gmail profile has been compromised. Text back SENDNOW in order to reactivate your account.”
What's the Worst That Can Happen?
Do not respond to suspicious or unsolicited text messages, advises the FTC, warning that at least two bad things might happen if you do:
- Responding to the text message can allow malware to be installed that will silently collect personal information from your phone. Imagine what an identity thief could do with the information from an online banking or credit card management app. If they don't use your information themselves, the spammers may sell it to marketers or other identity thieves.
- You might end up with unwanted charges on your cell phone bill. Depending on your service plan, you may be charged for sending and receiving text messages, even scams.
Yes, Unsolicited Text Messages Are Illegal
Under federal law, it is illegal to send unsolicited text messages or email to mobile devices, including cell phones and pagers without the owner's permission. In addition, sending unsolicited text or voice mail or telemarketing messages using a mass auto-dialer, so-called “robocalls,” is illegal.
But There Are Exceptions to the Law
In some cases, unsolicited text messages are allowed.
- If you have established a relationship with a company, it may legally text you things like statements, account activity alerts, warranty information or special offers. In addition, schools are allowed to text informational or emergency messages to parents and students.
- Political surveys and fundraising messages from charities may be sent as text messages.
How to Deal With Smishing Scam Messages
The FTC advises not to be fooled by smishing scam texts messages. Remember this:
- None of the government agencies, banks, or other legitimate businesses will ever request personal financial information via text messages.
- Take your time. Smishing scams work by creating a false sense of urgency by demanding an immediate response.
- Never click on any links or call any phone numbers in an unsolicited text or email messages.
- Don't respond in any way to smishing messages, even to ask the sender to leave you alone. Responding verifies that your phone number is active, which tells the scammer to keep trying.
- Delete the message from your phone.
- Report the suspect message to your cell phone service carrier's spam/scam text reporting number or general customer service number.
Complaints about text message scams can be filed securely online using the FTC's complaint assistant.