The Federal Communications Commission (FCC) has cautioned Americans about an increase in SMS (Short Message Service) phishing attacks aimed at stealing their personal information and money. Such attacks are also known as smishing or robotexts (as the FCC refers to them), and the fraudsters behind them may utilise a variety of enticements to fool you into disclosing sensitive information.
"The FCC tracks consumer complaints – rather than call or text volume – and complaints about unwanted text messages have risen steadily in recent years from approximately 5,700 in 2019, 14,000 in 2020, 15,300 in 2021, to 8,500 through June 30, 2022," the US communications watchdog's Robocall Response Team said [PDF].
"In addition, some independent reports estimate billions of robotexts each month – for example, RoboKiller estimates consumers received over 12 billion robotexts in June."
Smishing baits reported to the FCC by American customers include statements concerning unpaid bills, package delivery concerns, bank account problems, or police enforcement activities.
Links sending users to landing pages imitating bank websites and requesting them to authenticate a transaction or unlock frozen credit cards are among the most clever and persuasive baits used in text message phishing attempts.
Phishing SMS messages may also be faked to make it look that the sender is someone you're more likely to trust, such as the IRS or a company one is familiar with.
While some attackers will try to steal financial information, others are less fussy and will collect whatever personal information they can get their hands on to use in later frauds or sell to other bad actors.
The FCC suggests the following methods to protect against SMS phishing attacks:
- Do not respond to texts from unknown numbers or any others that appear suspicious.
- Never share sensitive personal or financial information by text.
- Be on the lookout for misspellings or texts that originate with an email address.
- Think twice before clicking any links in a text message. If a friend sends you a text with a suspicious link that seems out of character, call them to ensure they weren't hacked.
- If a business sends you a text you weren't expecting, look up their number online and call them back.
- Remember that government agencies almost never initiate contact by phone or text.
- Report texting scam attempts to your wireless service provider by forwarding unwanted texts to 7726 (or "SPAM").
"If you think you're the victim of a texting scam, report it immediately to your local law enforcement agency and notify your wireless service provider and financial institutions where you have accounts," the FCC added.
