Dealing with a Smishing Attack
You receive a text message, often from your bank, claiming there’s an issue with your account, a payment problem, or suspicious activity. The message will contain a link to click or a number to call to resolve the issue. This is known as a smishing attack.
If it’s a link, it directs you to a fake website that captures your bank login information. If it’s a phone number, it’s not your bank, and the scammer will try to extract information like passwords and PINs.
Fraudsters don’t just pretend to be your bank. They might claim to be from online accounts like PayPal, subscription services like Netflix, or even government organizations like the IRS and the Social Security Administration.
Sharing Your Experience
We want to understand the impact of experiencing this issue. By filling out this Impact Form, you can help us better protect future victims.
How to Spot a Smishing (Text Message Scam) Attempt
Unexpected Text Messages: It’s rare for organizations like banks to send texts about serious issues like account activity. If you get an unusual text, consider it a scam.
Strange Phone Numbers: Smishing messages come from unfamiliar numbers that don’t match the official contact details of the organization. Always check the number on the organization's official website.
Sense of Urgency: Smishing messages often create urgency, warning of suspicious activity or pretending someone you know needs immediate help. Verify these claims using contact details you already have, not those in the message.
Unrecognized Links: These messages may ask you to click a link. Hover over the link to check the true URL, and watch for slight misspellings or unexpected addresses.
Poor Writing: Smishing messages often have poor spelling and grammar, or a different writing style than usual.
What to Do If You Fall for a Smishing Scam
Take Your Device Offline: Disconnect from the internet to limit the malicious software’s ability to spread.
Change Your Passwords: Use a different device to change the passwords for any accounts accessed from the compromised device.
Contact the Impersonated Organization: Report the attack, change your passwords, and follow their instructions. If you shared financial information, contact your bank and potentially get a new card.
Scan for Malware: Use antivirus software to scan your phone for viruses and malware.
Watch for Identity Theft: Monitor your financial statements for unauthorized activity and ask your bank to alert you of unusual activity.
Reporting the Crime
You can report with the FBI: by filing a compliant with the Internet Crime Complaint Center, at ic3.gov
Forward the Malicious Text: Send it to 7726 (free of charge) to alert your mobile network.
Use your platform reporting tools: Some mobile platforms like Android and Apple have native reporting features within the SMS app.
Avoiding Future Smishing Scams
Be Suspicious of Text Messages: Be wary of texts from unknown senders.
Trust Your Gut: If something feels off, it probably is. Verify directly with the supposed sender.
Never Share Personal Information via Text: Legitimate organizations won’t ask for sensitive information this way.
Type URLs Directly: Don’t click links in texts. Go to the organization's website manually.
Verify Phone Numbers: Check numbers in texts against official contact details on the organization’s website.
Be Good at Security: Consider using sites like Secure our World and FBI SOS! to improve your understanding of online security. The more secure you are, the more likely cybercriminals will move on to easier targets.
Support our Blog
If our blog helped you resolve your cyber issue, we kindly ask you to consider making a "pay it forward" contribution. Your support enables us to continue providing updated cyber solutions for you and others.
