Don’t Be a Smishing Victim

Life And Privacy

Phishing is a widely known scam in which messages “fishing” for your personal information are sent to you via email. Generally, the message is not personalized, although phishing can be targeted to an individual or entire company. (This is called “spear” phishing.) The messages appear to be from a reputable organization like a financial services provider (your bank), but they are fraudulent. The scammer’s goal is identity theft: to obtain your personal info or credentials to steal your money, get you to download malware or send money or, with spear-phishing, to obtain business secrets or other institutional information.

“Smishing” is a type of phishing that uses text instead of email. The text requests your personal info (Social Security number, financial information, etc.) and may be topical or have an urgency, for example, relating to COVID, a prize you “won” and need to claim by a deadline, a child that’s been in an accident that needs your info for medical treatment, or, during tax season, appearing to be from the IRS and requesting info about your tax refund.

The goal is the same: get the victim to click a link, call a number, or communicate through an email address in the text and transmit their personal info. Smishing has become more prevalent recently as criminals are taking advantage of users’ preference for text usage over email.

The Federal Communications Commission advises that you take the following steps to avoid being victimized: Never click links, reply to text messages, or call numbers you don't recognize; Do not respond, even if the message requests that you "text STOP" to end messages; Delete all suspicious texts; Make sure your smart device OS and security apps are updated to the latest version; Consider installing anti-malware software on your device for added security.

Furthermore, businesses should train their staff to recognize scams so that they can help protect the organization, its customers, affiliates, and employees.

If you think you transmitted sensitive information to scammers, act quickly. Change associated passwords. Contact the actual company you thought had texted to advise them of what happened. If you gave out bank or credit card information, contact the bank or credit card company to report the suspected fraud and cancel the affected card. Run a check for malware on your phone to make sure malicious code was not downloaded on it.

If you are aware of a smishing scam or have been victimized, you can file a complaint with the FCC, which regulates communications services, at or by phone at 888-CALL-FCC (225-5322). You can also file a consumer fraud complaint with the Federal Trade Commission at or by phone at 877-382-4357.

The information contained in this column is provided for informational purposes only and should not be construed as legal advice.

 By Gille Ann Rabbin, Esq., CIPP/US, CIPP/E

Sign up via our free email subscription service to receive notifications when new information is available.