Smishing Stinks

I’ve received urgent text messages about package delivery failures or unpaid tolls this past year. You’ve seen them, too.

Phishing and smishing both reek of fish.  A phishing email and a smishing text pretend to be from a legitimate company. Both are trying to bait you to reveal your personal information.

Questions to Ask about That Suspicious Text

A suspicious text may be an obvious cyberattack, but if you’re unsure, here are some questions to help you.

General Questions

Origin of the text:

• Do I trust the sender?
• Is the logo or name familiar?
• Is the sender’s number unusual or long?
• Was the text a group text?

Structure of the text:

• Does the content have poor English, such as grammatical errors or unusual phrasing?
• Is the wording impersonal?

The offer:

• Is the offer too good to be true?
• Is the offer suspicious?
• Is the text asking for personal information or money?
• Is the timing “urgent?” The one I received today says I have to reply by tomorrow.
• Is the message threatening? Such as promising legal action if you don’t reply.

Remember, the cybercriminal doesn’t want your “$5.36 late toll fee,” they want your personal information. They have bigger fish to fry.

Specific Questions

You may need these questions, too.

If the message is from a person you might know:

• How long has it been since you’ve communicated with this person?
  • If you have a weak affinity or rarely communicate, the text is probably from a cybercriminal.

If you’re offered a prize or a refund:

• Do I know the organization?
• Do I have an account with them?
• Have I entered a contest with them?
• Is the amount unusual?
• Is this the first message I’ve received from them?

Or if  the text is about a payment:

• Have I bought something recently from them?

If the text has a link or an attachment:

• Is the link or attachment needed?
• Does the link look suspicious?

Steps to Take

• Don’t click on links.
• Don’t open attachments.
• Don’t respond to the message.
• Block the sender’s number.
• Report the message as spam.

If you still have doubts:

• Don’t use numbers of links in the text.
• Do a search.
  • Find the organization’s official contact information and check in with them.
  • When you search, you may come across an article exposing the scam.

Screenshots

Here’s the smishing text I received today. I’ll list my steps to illustrate what to do.

• The text was sent to multiple people.
• The phone number is odd. (90 is from Turkey or Türkiye.)
• We use SunPass, not E-Z Pass.
• We pay automatically, so we would not have an outstanding payment.

• I clicked on the three dots for the text.
• I scrolled down to “Report spam” and clicked.

 

• I chose “yes” to report the spam.

 

• I could back out if I made a mistake, but this was spam.

Cybercriminals will come up with new schemes. Be alert. Don’t let those spammers reel you in!

NOTES:

• • I recommend reading the CyberScoop article, “Who is sending those scammy text messages about unpaid tolls?”
  • Red Danger photo by Matt Artz on Unsplash.