One of the most common types of text message scams is the phishing scam. This is where a scammer sends a text message that appears to be from a legitimate organization, such as a bank or government agency. The message usually contains a link or a request for personal information, such as login credentials or social security numbers. If the recipient clicks on the link or provides the requested information, the scammer can use it to steal their identity or commit fraud.

Spam is annoying, but is more than just an annoyance. This litter of unsolicited messages can also cause harm by promoting services or products which allow for bad actors to defraud their victims, or to inject malicious files or code into their devices.

In this article we will look at both text message phishing and spam, and review how best to defend yourself against these attacks.

Phishing

Text message scams, also known as smishing (which stands for SMS phishing), can be very easy to fall for. However, by learning about which signs to look out for, you can prevent yourself from falling victim to this type of attack and keep your accounts and data safe.

1. Check the number. If the message is sent from a mobile number, but it is claiming to be an official message from a bank or government service, then treat the contents of that message with caution. These attacks want to exploit the trust you already have in the organisation that they claim to be, and hope you will give up your personal information without thinking. Before you act, think and remember to check the number of the sender: if it isn't the number they usually contact you through, then let this raise your suspicions.
2. Urgency. Smishing attacks will try to instill a sense of urgency in their victims, often by threatening them with fines, charges and returns. It is common for them to apply time pressure, and threatening that if the victim does not divulge their information within a certain time period then the predicament put on them will worsen. This might cause some people to panic, which makes them less likely to think carefully about what they are doing and more likely to give up valuable data to the attacker. If a text message about a payment or fine has some time limit attached, be very wary about if and how you respond.
3. Check the links. It is common that these smishing attacks will contain links to a website where you would be asked to input your information. For example, it might link to a fake bank website and ask you to sign in with your username and password, or to provide other data about yourself like name, date of birth, and your bank card information. Before doing anything, make sure you double check the legitimacy of the link as it may redirect you to a fake website. Here is another tip: if the link is hyperlinked, commonly you are able to long-press it and find the web address it links to. Further, if the link is shortened, you can check the address of the website once you have been redirected to it by looking at the address bar.
4. Paper or paperless. In an effort to reduce the number of victims of smishing attacks, many companies will refrain from texting you altogether. Some official organizations might only contact you via phone call, by letter or email. If you are contacted by text message but are used to being contacted by some other medium, then this should also be a cause for concern.
5. Check the spelling. Text message scams can look very convincing, however sometimes they can include some obvious tells. If there are spelling mistakes, misuse of punctuation (for example, spaces before full stops and commas, or a lack of capitalisation) then hopefully your intuition will kick in and you will know that something is wrong. Always be sure to double check, as it is extremely uncommon for texts from legitimate businesses or government bodies to contain any spelling or grammatical errors.
6. Click nothing, check yourself. Regardless of who is texting you, what and why, if it claims to be from an official organization and contains a link, you might be better off not to click it at all. Instead, go to your internet browser and type in the organization's website yourself. This can be considered best practice, as doing this will circumvent the possibility of the link being fake.

Many of the principles that apply to other forms of phishing also apply to smishing as well. For more information, check out our other articles on How to Protect Yourself against Phishing Emails and Why Phishing Emails Contain Errors?

Spam

Text message spam is also very annoying and difficult to prevent, but itself can also be dangerous. Spam is where somebody sends unsolicited text messages often promoting products or services which can turn out to be fraudulent. These messages can be irritating, and time-consuming to deal with, but always be cautious because they can also be used to spread malware and other malicious software.

Firstly, make sure you are able to differentiate between a text message from a legitimate organization and spam. Never respond to messages that you recognize as spam. Even if the message provides you a means to opt out of future messages, this can indicate to the sender that the number they are sending messages to is active. They might then send your number to other spammers. What you might consider is implementing a spam filter to reduce the amount of spam that you receive.

Secondly, be wary about where your phone number ends up online. If your number is publicly available, for example on social media or on a person or business directory, then it may be scraped by attackers and spammers. If you find that you are being made the victim of a large number of smishing attempts or spam messages, you might need to review where your number is available and remove it where necessary.

Mobile phones are an essential part of modern life, and smishing will always be a threat. In order to keep yourself safe against them it's important to stay informed on new forms of attack, to remain vigilant by remembering to carefully consider each message you receive, and to take steps to protect yourself and your personal information. If you do fall victim to a text message scam, it's important to report it to the appropriate authorities and to take steps to mitigate the damage, such as freezing your credit or changing your password for any compromised accounts.

Our suggestion: stay informed and take proactive steps to protect yourself, in order to reduce your exposure to these scams and stay safe in the digital age.

Sources:

https://www.ofcom.org.uk/phones-telecoms-and-internet/advice-for-consumers/scams/coronavirus-scam-calls-and-texts

https://www.kaspersky.co.uk/resource-center/threats/what-is-smishing-and-how-to-defend-against-it

https://www.whiteblueocean.com/newsroom/how-to-protect-yourself-against-phishing-emails/

The information contained in this article is provided for informational purposes only and does not constitute professional advice and is not guaranteed to be accurate, complete, reliable, current or error-free.