How to Spot and Stop Smishing Scams

You get a text message that appears to be from your bank, warning you of suspicious activity on your account. It urges you to click a link and verify your information immediately to avoid having your account locked. What do you do?

If you’re like many people, you might panic and click without thinking twice. And that’s exactly what the scammers behind this “smishing” attempt are counting on.

Smishing and phishing are on the rise. The FBI reported that phishing schemes were the number one crime type, with over 300,000 complaints. For cybercriminals, manipulating unsuspecting targets via text is even more effective than email phishing, as mobile users tend to trust texts more and respond more quickly. In fact, ​​90% of all text messages are read within 3 minutes of being received.

Older adults, in particular, are being bombarded with smishing attempts since scammers see this generation as less social media and tech-savvy and more susceptible to urgent demands. According to the Federal Trade Commission (FTC), adults 60 and older reported $1.6 billion in losses in 2022 to scams.

But you don’t have to become a statistic. We’ll explain exactly what smishing is, how to recognize the telltale signs of a scam, and what steps you can take to protect yourself.

What Is Smishing?

Smishing, a mashup of SMS (text messaging), is a type of fraudulent activity in which scammers send deceptive text messages to trick you into revealing sensitive information, downloading malware, or giving them money. It’s essentially phishing (where criminals impersonate legitimate entities to steal data or spread viruses) but conducted via SMS rather than email.

In a typical smishing attempt, the scammer will:

• Impersonate a trusted company, government agency, or individual.
• Create a false sense of urgency or threaten a negative consequence.
• Pressure you to click a link, provide information, or send money.

For example, you might receive a text claiming to be from Amazon about an issue with your account. The message will insist that you must verify your payment details immediately by clicking on the provided link. But that link won’t take you to Amazon—it will direct you to a fake site designed to capture your login credentials and credit card number.

Alternatively, the link might secretly install malware on your phone. Malware encompasses different types of cyber security threats, including viruses, adware, spyware, and ransomware. Other times, the scammer will simply demand that you reply with personal information or wire them money directly.

What makes smishing so insidious is that our smartphones have essentially become extensions of ourselves. We’re constantly checking them and are more likely to read and respond to texts quickly without scrutinizing them as closely as emails. Scammers exploit this behavior, using the immediacy and intimacy of texting to manipulate their targets.

Common Smishing Tactics and Examples

Smishing scams can take many forms but rely on similar psychological tactics. Scammers will impersonate trusted authorities, create false urgency, and pressure you to act quickly without thinking. To prevent smishing, understand some of the most common ploys to watch out for:

• Delivery Notification Scams: With the rise of online shopping, delivery scams have become increasingly sophisticated. Fraudulent texts claiming to be from UPS, FedEx, or Amazon will alert you about a missed delivery or shipping fee. They’ll urge you to click a link to reschedule or make a payment.
• Prize and Lottery Scams: Unexpected prize notifications are a classic scammer favorite. The text claims you’ve won a gift card, a free vacation, or even a lottery jackpot. All you have to do is click a link to claim your winnings—and, inevitably, provide your personal information or pay a processing fee.
• Tech Support and Malware Scams: A common ploy involves fake tech support alerts. The text will claim that your device has been locked or infected with a virus, and that you need to click a link or call a number for immediate assistance. In reality, clicking the link will trigger a malware download that gives scammers access to your device and data.
• Government Impersonation Scams: Scammers often pose as government agencies like the IRS, Social Security Administration, or DMV. They may claim that you owe money, that your benefits are in jeopardy, or that you must update your personal records. The goal is to intimidate you into sharing sensitive data or sending payments.
• Bank and Financial Account Scams: You’ll receive a message claiming suspicious activity on your account or that your card has been locked. The text will insist that you must verify your information immediately by clicking a link or calling a number. Of course, the link won’t take you to your actual bank—it will steer you to a fraudulent site designed to capture your login credentials and personal information.

5 Smishing Examples

Here are some common examples of smishing tactics to be aware of:

1. Bank and Financial Account Scams:

Example: “Your account has been temporarily locked due to suspicious activity. Click here to verify your identity: [malicious link]. If you do not respond within 24 hours, your account will be permanently closed.”

2. Delivery Notification Scams:

Example: “Your package could not be delivered. Please reschedule delivery by clicking the following link: [malicious link]. Failure to do so may result in the package being returned to sender.”

3. Prize and Lottery Scams:

Example: “Congratulations! You’ve won a $500 Amazon gift card! Claim your prize now by visiting [malicious link]. Offer expires in 24 hours.”

4. Tech Support and Malware Scams:

Example: “Your device has been compromised! Contact Microsoft Support immediately at [fake phone number] or visit [malicious link] to fix the issue and prevent data loss.”

5. Government Impersonation Scams:

Example: “URGENT: You owe unpaid taxes. Failure to act will result in legal action. Pay now via [malicious link] or contact the IRS at [fake phone number].”

How to Recognize Smishing Attempts

While the specific content may change, nearly all smishing attempts share some telltale characteristics. Spotting a smishing attempt is all about paying attention to the details. Here are the top warning signs:

• Unexpected requests for personal information.
• Unfamiliar links or phone numbers.
• Threats or high-pressure language.
• Poor spelling and grammar.
• Generic greetings (not addressing you by name).

Be on high alert if a text hits any of these red flags. Legitimate companies will never ask you to verify sensitive information via text or threaten you with severe consequences out of the blue.

What to Do If You Receive a Suspected Smishing Text

If you receive a text that you suspect is a smishing attempt, follow these steps:

• Do not click any links or call any numbers in the message.
• Do not reply to the message, even if it gives you an option to “stop” future texts.  
• Block the number that sent the message.
• Delete the text.
• If the message claims to be from a company or agency you do business with, look up their official number and call them directly to verify the request.
• Forward the suspicious text to 7726 (SPAM) to alert your carrier.

Remember, when in doubt, throw it out. It’s always better to err on caution than risk falling for a scam.

How to Protect Yourself from Smishing

In addition to being vigilant about spotting and reporting smishing attempts, there are several proactive steps you can take to protect yourself:

• Don’t respond to unsolicited texts or click on a link from unknown senders.
• Keep your phone’s operating system and security software up to date.
• Use two-factor authentication on all of your online accounts.
• Be cautious about sharing your phone number publicly or online.
• Educate yourself and your loved ones about the latest scammer tactics.
• If you’re unsure about a request, independently verify it through official channels.

Incorporating these habits into your routine will make you far less likely to fall victim to a smishing scam or other social engineering tactics.

Stay Vigilant and Outsmart the Scammers

In our increasingly connected world, scammers are always finding new ways to exploit our trust and manipulate our emotions, such as sympathy, fear, greed, guilt, isolation, and dependency. But by arming yourself with knowledge and remaining vigilant, you can stay one step ahead of their schemes.

Remember, smishing attacks are designed to catch you off guard and pressure you into making a hasty decision. Always take a moment to pause and evaluate any unexpected requests for your personal information or money, no matter how urgent they may seem.  

If we all work together to report smishing attempts and educate each other about the warning signs, we can make it harder for scammers to succeed. So share this article with your friends and family, and encourage them to stay alert.

With a little caution, you can confidently navigate the digital world and keep your information safe. Don’t let the scammers win—stay savvy and secure.