Category: SMS/Text Message

Smishing

An Etymology & History Lesson

Hacking is nothing new. In the 1970’s, we had hackers that were experts at gaming and abusing our telephone systems. They were able to avoid long-distance charges when placing calls, and those free calls may had led to them being called freaks. But soon after, those phone freaks were simply termed phreaks.

In the 90’s, cybercrime developed and spread via email. We needed a new term for all those deceptive, fraudulent messages going around. Borrowing from the cool jargon 20 years prior, we turned fishing into phishing and used that to refer to those emails that tried to get their hooks into people for their passwords and account numbers.

To this day, phishing remains a major vector for fraud and e-trickery. And phishing continues to evolve and adapt to how we communicate. The Simple Message System (SMS) caught on in the 2000’s and its text messages are now used for so much of our daily activities. And as SMS messages proved to be a viable medium for phishing attempts, a new portmanteau was born: smishing.

Only One Real Defense Against Smishing

Today’s smishes generally try to trick you into one of two things: 1) click on a bogus URL, so that you visit a deceptive site, or 2) call a phone number to connect you with a scammer. Each scam is a little bit different from the next, but in general, once you go down one of those two roads, your computer, finances, passwords and sanity are all at risk.

Your cellular provider blocks a lot of smish attacks, but there’s bound to be something that get through. Smish happens. Your best defense is education. Look at some examples of smishing messages and get familiar with them. And later, when some smish shows up at your door, you’ll just roll your eyes and move on.

Examples

Some smishing wants convince you of a purchase that you didn’t authorize. It could be for a laptop, or some antivirus or a Peloton Bike. It doesn’t matter what it is, what’s important is: the message is 100% fiction. There is no charge. There is no high-dollar item. Notice that the text message doesn’t even say which card has been charged! The bogus phone number doesn’t go to a bank; it goes right to a scammer’s cubicle.

Fake Purchase Smish

Another smish to consider is the Delivery Smish. This one lies about an imaginary package that couldn’t make it to your door. If you click the link, it will lead to a phishing website, where you will be asked for credit card information to cover a postage fee to get your package. But again, there is no package, but they will quickly run some real charges on your bank card, if they get that number from you!

Delivery Smish

You are almost never going to win anything through a text message. But below, you’ll see a smishing message that wants you to believe. Please don’t.

Lottery Smish

Ever get this text about a pending criminal charge or tax return problem? The police or FBI is not coming to arrest you. Or rather, if they are, they certainly aren’t going to text you in advance.

Going to Jail Smish

There are so many more examples I can give, such as Password Reset Smishing and Message from your CEO smishing. A couple of months ago, I blogged about the EBT Scam. Next year, I’ll have to blog about a new smish. Feel free to Google for “smishing examples” if you need more food for thought.

Common Traits to Watch Out For

  • The phone numbers in these bogus texts often give it away. The smish may arrive from an area code you’ve never dealt with before. Or the stated number may have odd punctuation. Plus, if you want, you can copy down the number and Google it. A lot of these scammers’ numbers will turn up in a search, on scam-watch websites.
  • The details are usually vague. There’s a pending charge, but it doesn’t say with which bank. You’ve won a prize, but from which company? Your plane tickets were cancelled, but the airline name is not mentioned. A legitimate notification would be crystal clear about important details.
  • The URLs are questionable, but sometimes you have to look closely. It’s a pretty obvious trap if the weblink contains wording like “curesickness.com.” But other URLs are written to look similar to trusted domains. They may only be one letter off, but if they’re trying to get you to tap on “www.disneyy.com”, think twice and back away.

How To Respond

First of all, don’t ever respond to a phishing text. Communicating in any way with a scammer is bound to get you more spam, phishing, smishing and other annoyances coming your way.

Treat smishing as you would any other spam: Report it, block it, delete it.

If you have a severe problem with too much SMS spam, contact your cell provider. They may offer extra spam-blocking options to curb the junk.

And if you’re just not sure, if you got a text and you worry that it might be legitimate… Close the text message and seek verification elsewhere. Call your bank from the number on your statement. Go to the Amazon website and chat with their support. Find real help somewhere else and they will corroborate the facts or dispel the myth.

The Text-Based EBT Scam

For anyone involved in SNAP or receiving EBT funds, please be aware of the following scam:

This is a text message that did NOT come from the government or any legitimate entity. It is the beginning of a scheme to steal your EBT funds.

If you receive this text, do NOT call the number. Do NOT respond to the text. Simply ignore, delete or block this message.

If someone calls the number in the text, a scammer will answer and pretend to be with the government. They will try to learn the caller’s EBT account info and PIN. Once they have those numbers, the crook will drain the funds from the person’s EBT account.

The legitimate people in charge of SNAP and EBT will never text you. If you need to contact them, find their official phone number on this list and call them. And if you have fallen victim to this scam, please call your state’s EBT Client ASAP to see if anything can be done.

Spam Text Messages

Here are options for dealing with spam received via text message:

Forward the Message to SPAM

When you get a spam text, forward it to 7726 (SPAM). This helps your carrier know about what spam is spreading where, and they’ll study the trends to prevent more spam from reaching you.

To forward a message on Apple devices, consider the section at this page titled “Forward older text messages.”

For Android devices, try these steps to forward a message any spam text to 7726.

Block the Sender

Most phones allow you to block a specific number from sending you texts. So when that annoying spam message arrives, block the sender’s number.

Here are the steps to block a text sender on iOS. On Android, try these steps or maybe these will help.

Note: If a spammer is spoofing your number, so that the text looks like it is coming from you, don’t block it. Just forward it to SPAM as described above, and contact your provider if it keeps happening.

Contact Your Provider

Each cellular provider offers different free tools for blocking unwanted calls and texts. If you are receiving a high level of spam messages, reach out to them. Ask them to review your account and phone settings, to be sure that all possible features are enabled, to block the maximum amount.

Report Spam to the Government

You are welcome to report unwanted communication (calls OR texts) to the FCC and the FTC. The DoNotCall Registry also wants your reports of spam.


Caveats

When acting on a spam text (to block it), take care to not tap on any attached files or links.

Do not reply to any spam text with any complaints or commentary. Do not try to unsubscribe, as this may create more spam for you!

Text to 911

In case of an emergency, many parts of the USA support Text to 911. This technology allows you to contact 911 for help via text message (SMS).

The FCC reminds everyone that you should place a voice call to 911 whenever possible.

Much of the Shenandoah Valley((Warren County, VA has assured me they support this tech, even though they are not on the FCC list)) is covered, as shown on the FCC’s Public Safety list. Please feel free to verify other American cities and counties using that list. Or, reach out to your local police department or county offices to ask.

For more details, read up at the main FCC page for this technology.

Informed Delivery by USPS

The 2001 Anthrax Attacks led the USPS to begin scanning and tracking our postal mail. All USPS mail is photographed and/or scanned as it passes through sorting machines and sent on its way. This mass surveillance program is called Mail Isolation Control and Tracking, or MICT for short.

Eventually (in 2017), the USPS decided to share this bevy of information with its customers, in the form of a program called Informed Delivery. If you sign up for Informed Delivery, you can get a preview of your mail that will arrive later that day. This service is free to all eligible addresses, and you can sign up at this site. Typically, you will receive an email each morning, showing an image of all mail arriving that day, but they also appear to offer a text notification option, too!

I can see so many uses for this tool. If you have a problem with missing mail, it might give extra information about where it is getting lost. If you aren’t at your residence every day, it can give you a heads-up when something important has arrived. It might also help you intercept a birthday present that’s arriving for your spouse. And so on.

It even works for some PO Boxes, but you must try to sign up at their website to find out if your address is currently eligible.

© 2024 BlueScreen Computer

Theme by Anders NorenUp ↑