An Etymology & History Lesson

Hacking is nothing new. In the 1970’s, we had hackers that were experts at gaming and abusing our telephone systems. They were able to avoid long-distance charges when placing calls, and those free calls may had led to them being called freaks. But soon after, those phone freaks were simply termed phreaks.

In the 90’s, cybercrime developed and spread via email. We needed a new term for all those deceptive, fraudulent messages going around. Borrowing from the cool jargon 20 years prior, we turned fishing into phishing and used that to refer to those emails that tried to get their hooks into people for their passwords and account numbers.

To this day, phishing remains a major vector for fraud and e-trickery. And phishing continues to evolve and adapt to how we communicate. The Simple Message System (SMS) caught on in the 2000’s and its text messages are now used for so much of our daily activities. And as SMS messages proved to be a viable medium for phishing attempts, a new portmanteau was born: smishing.

Only One Real Defense Against Smishing

Today’s smishes generally try to trick you into one of two things: 1) click on a bogus URL, so that you visit a deceptive site, or 2) call a phone number to connect you with a scammer. Each scam is a little bit different from the next, but in general, once you go down one of those two roads, your computer, finances, passwords and sanity are all at risk.

Your cellular provider blocks a lot of smish attacks, but there’s bound to be something that get through. Smish happens. Your best defense is education. Look at some examples of smishing messages and get familiar with them. And later, when some smish shows up at your door, you’ll just roll your eyes and move on.

Examples

Some smishing wants convince you of a purchase that you didn’t authorize. It could be for a laptop, or some antivirus or a Peloton Bike. It doesn’t matter what it is, what’s important is: the message is 100% fiction. There is no charge. There is no high-dollar item. Notice that the text message doesn’t even say which card has been charged! The bogus phone number doesn’t go to a bank; it goes right to a scammer’s cubicle.

Fake Purchase Smish

Another smish to consider is the Delivery Smish. This one lies about an imaginary package that couldn’t make it to your door. If you click the link, it will lead to a phishing website, where you will be asked for credit card information to cover a postage fee to get your package. But again, there is no package, but they will quickly run some real charges on your bank card, if they get that number from you!

Delivery Smish

You are almost never going to win anything through a text message. But below, you’ll see a smishing message that wants you to believe. Please don’t.

Lottery Smish

Ever get this text about a pending criminal charge or tax return problem? The police or FBI is not coming to arrest you. Or rather, if they are, they certainly aren’t going to text you in advance.

Going to Jail Smish

There are so many more examples I can give, such as Password Reset Smishing and Message from your CEO smishing. A couple of months ago, I blogged about the EBT Scam. Next year, I’ll have to blog about a new smish. Feel free to Google for “smishing examples” if you need more food for thought.

Common Traits to Watch Out For

  • The phone numbers in these bogus texts often give it away. The smish may arrive from an area code you’ve never dealt with before. Or the stated number may have odd punctuation. Plus, if you want, you can copy down the number and Google it. A lot of these scammers’ numbers will turn up in a search, on scam-watch websites.
  • The details are usually vague. There’s a pending charge, but it doesn’t say with which bank. You’ve won a prize, but from which company? Your plane tickets were cancelled, but the airline name is not mentioned. A legitimate notification would be crystal clear about important details.
  • The URLs are questionable, but sometimes you have to look closely. It’s a pretty obvious trap if the weblink contains wording like “curesickness.com.” But other URLs are written to look similar to trusted domains. They may only be one letter off, but if they’re trying to get you to tap on “www.disneyy.com”, think twice and back away.

How To Respond

First of all, don’t ever respond to a phishing text. Communicating in any way with a scammer is bound to get you more spam, phishing, smishing and other annoyances coming your way.

Treat smishing as you would any other spam: Report it, block it, delete it.

If you have a severe problem with too much SMS spam, contact your cell provider. They may offer extra spam-blocking options to curb the junk.

And if you’re just not sure, if you got a text and you worry that it might be legitimate… Close the text message and seek verification elsewhere. Call your bank from the number on your statement. Go to the Amazon website and chat with their support. Find real help somewhere else and they will corroborate the facts or dispel the myth.