SMS text message scams are costing Americans $86 million per year: Internet Scambusters #999
Text messages are a fantastic way to communicate quickly both for business and personal use.
But because they're so popular, crooks are using the short messaging service (SMS) to perpetrate fraud and other scams.
In this week's issue, we outline the most frequent types of text scams and the simple actions you can take to avoid being caught out.
Let's get started…
How To Spot And Stop A Scam Text Message
Text messages are rapidly replacing phone calls and emails as the preferred method of brief communication (called a short messaging service or SMS) for many of us -- making it a favorite target for scammers.
Latest available statistics show that Americans lost about $86 million through text-based frauds during 2020. Add to that the frustrations of billions of spam texts sent to our mobile devices every year.
Scammers particularly like them because texts seem to call for an urgent response -- before you have time to think them through.
Many of the SMS tricks are variations of those we're used to in emails or by phone but getting them via texts can catch us unawares.
Let's take a closer look at the five most common text scams:
Smishing: This is phishing via SMS, and it encompasses some of the scams outlined below. Phishing or smishing is an attempt to try to steal personal information from you -- for identity theft or simply to get crooks' hands on your money.
Usually, the message says that one of your accounts at a retailer or bank needs to be updated or reactivated. It includes a link, which takes victims to a fake sign-on page where names and passwords are stolen.
A smishing message might also say you've won a prize or some kind of award or notify you about a supposed package delivery. Or it might offer you a free trial (with a hidden recurring charge).
Don't click on links, phone numbers, or enter website details in the message no matter how believable.
Friend/Relative in Distress: This is a variation of the phone trick sometimes known as the grandparent scam. You receive a text seeming to come from someone you know, saying they're in trouble and asking for money to be wired to them.
This particular scam is hot on WhatsApp right now. It has the advantage over phone calls of crooks not having to impersonate the voice of the individual they're pretending to be. Usually, the trickster will also say they have a new number to avoid arousing suspicion or they may have hacked into the supposed caller's phone (see below).
And because victims have no reason to believe a con artist has their number, it's easy to fall for the trick.
But often, as with distress phone calls, the scammer doesn't know the name of the person they're impersonating so their identity is not shown on the incoming text and they use vague phrases like "Hi mom, it's your favorite son."
And even if they do know who they're pretending to be, you can avoid this scam by either asking them a question that only the real person would know the answer to or simply contacting the real person and checking if it's them.
Hack Attack: Sometimes, both for the above scam or simply to get access to a person's phone account, the fraudsters use a clever verification scam.
Victims get a genuine message from WhatsApp with a code that they would normally have (but haven't) requested. Then they get a message from an imposter, posing as a friend saying they accidentally sent their own code to them and asking for it.
They must already have your phone number, since they contacted you. Now they also have a verification code (used for two factor authentication), so they're all set to access your account.
The bottom line on this scam is that you should never share a verification code from any source with someone else, even if you think it's someone you know.
Bank/Card Security: This is a widespread smishing scam using a message that pretends to come from your bank or credit card company. It usually says either your account has been compromised, your card has been deactivated, or there's some other problem with it.
You're asked to phone a 1-800 or other number where you'll be asked to confirm your account details, your PIN, or even the three-digit security code on the back of a card. The crook may even request your online password.
Just don't do it. Financial organizations don't operate this way. But even if you think the alert is real, contact them using their listed phone number or the number on the back of a card.
Spam: You're very lucky, you may even be unique, if you've never received an unsolicited text message offering you some kind of deal or requesting certain actions.
Millions of these spam messages are sent out every day at random and using fast-dialing computer systems or networks of compromised machines (botnets).
In fact, many of the scams like those mentioned previously are spammed, that is, transmitted in their hundreds or thousands.
A common trick is to pretend to be a package delivery service like UPS or FedEx or an online retailer like Amazon alerting you to a shipment code. But if you click on the included links, you'll be taken to a fake webpage where you'll be asked for sign-on or other confidential information.
The avoiding action here is to never click on links in unsolicited texts. Go straight to the real source instead and check there. Also consider using a spam-blocking app on your phone.
Always be skeptical of any text that asks you to take action by clicking a link, phoning a number, visiting a website using an address given in the text, or by emailing. And never rush to action without thinking things through.
Even be wary of keying in the word "STOP" to try to halt unsolicited messages from a particular source. It tells the scammer they've got a hit.
And don't believe that the name or number shown on the incoming text is real. Scammers can spoof or disguise them.
While there's no doubt that text messages are a highly convenient method of communicating, the system is wide open to scammers. Always be on your guard.
This Week's Scam Alerts
Microsoft warning: The tech giant is warning of new attempts to install malicious software on computers using the firm's Office 365 suite. Victims receive an email seeming to come from Microsoft with an app attachment labeled "Upgrade." Installing this enables crooks to read and write emails in a victim's name as well as the ability to read other files. Microsoft doesn't send notifications like this, so don't install.
Be Informed: The non-profit Identity Theft Resource Center (ITRC) has launched a free data breach alert service for consumers, after announcing a 68 percent increase in breaches during 2021. Sign up here.
Fake masks: You may have seen official advice to use protective facemasks designated N95, KN95, and KF94. This had led to a flood of fake masks that don't provide the right level of protection. Make sure you buy your masks from a reputable manufacturer and trusted retailer.
That's it for today -- we hope you enjoy your week!