How to Protect Yourself From SMS Phishing and Fraud

by Jeff Haden | Last updated 10th November 2015

Most people can immediately sniff out an email sent by identity thieves and phishers. Poor graphics, misspelled words, awkward language … You can spot a fraudulent email a mile away. In most cases you don’t even open them; you just click the “junk” button and move on.

That’s not always the case with text messages, though. Most people are less wary of, and more likely to fall prey to, SMS fraud, partly because it’s less prevalent than junk mail, and partly because SMS messages in general have a much higher delivery and open rate. To make things worse, there are no spam filters to catch spam texts.

And besides – the sender has your phone number, so he or she must know you, right?

Wrong. Identity thieves and phishers are increasingly turning to SMS messages to defraud the unwary. According to a study by Cloudmark, at least 70% of all mobile phone text spam is designed to defraud you in some way. (Surprisingly, only about 10% of spam arriving by email is sent with that intent.)

Text spam may try to lure you to websites that install malware on your phone to vacuum up your personal data. Or the message may advise you to dial a phone number where your personal and financial information will be requested; any information you provide can then be used to steal your identity, and could also be passed on to other people who will send you more spam texts.

Let’s make sure that doesn’t happen to you.

If you receive a text message requesting that you take some sort of action or respond in some way – to click on a link, to provide personal information or to call or email – take the following few steps to ensure you protect your personal and financial information.

Ensure the Validity of the Sender

Say you receive a message that appears to be from your bank. (My bank alerts me when my balance drops below a certain point. Wait – should I admit that ever happens?) If you’re unsure, call the number. Fraudsters don’t want to reply to phone calls, and if they do, the quality of the call and the lack of professionalism can be a sure giveaway.

And if you’re still unsure, go to your bank’s website, log on and deal with the issue that way instead of by responding to the text.

Don’t Click a Link Unless You’re Absolutely Certain

Let’s say an airline texts to say your flight has been cancelled. If you’re unsure of the validity of the text, don’t click the link to “reschedule your flight”. Call the airline, use the airline’s app or log on to its website to check the flight status and reschedule if necessary.

Links don’t necessarily take you to a website; links can also install malware on your phone designed to siphon off your personal data without your knowledge.

Don’t Provide Any Personal Information

“Any” includes not just financial information like your Social Security number, bank account numbers, credit card numbers, passwords, etc. – it also includes your name, address and any other information.

No legitimate sender will ever ask you to provide information by text. If you receive a text that says your account will be blocked unless you update your information, you can be certain it’s a fraudulent text. If you’re unsure, go to the website of the account in question and check things out for yourself.

Don’t Text “No” or “Stop” to Prevent Future Texts

It sounds like a good idea. You receive a text that says, “If you do not wish to receive further texts from us, simply respond by texting ‘No’.”

Will the fraudster stop? It’s unlikely – the goal of asking you to respond is to determine if your number is an active number. Responding will only ensure you receive a lot more texts – and probably from different fraudsters as well.