What is Smishing

Lately, I’ve received several “smishing” text messages on my phone and I finally captured the audio of a full phone interaction with their voice response system.

Audio of Smishing Call

Here is the audio from a smishing phone call I recorded. Listen closely to see how they use fear to manipulate the victim into providing information.

What is Smishing?

Well, someone somewhere comes up with these cute names for things and “smishing” is no different. It’s a play on the term “phishing”, and the “Sm” part comes from SMS, which is the technical name for text messages on cell phones (Short Message Service). Did that make sense? If not, here’s a description from the fountain of all knowledge – Wikipedia:

Similar to phishing, smishing uses cell phone text messages to deliver the “bait” to get you to divulge your personal information. The “hook” (the method used to actually “capture” your information) in the text message may be a web site URL, however it has become more common to see a phone number that connects to automated voice response system.

Scam Tactics 101

As you listened to the call, you should have noticed a few tactics scammers use to get your information:

  • Sound Official – The call starts with “You have reached Credit Union’s National Association online banking center.” That doesn’t even make sense, but it sounds good. Scammers will imitate real brands or sometimes use something pretty generic like this, but they’re always going to try to look and sound official.
  • Create Fear and a Sense of Urgency – It doesn’t take long before they start to scare you with “Compromised accounts may ruin your credit, place you in debt with us or other financial institutions.” They add “Failure to run this process will result in account suspension or financial penalties.” My favorite attempt to scare you is when they threaten you with prosecution if you give inaccurate information – unbelievable.

What Do They Ask For?

In this call, they are trying to capture a credit card number, expiration date, PIN, and card security code. With this information, they will attempt to make purchases online with your card, pull money from your account with an ATM, or possibly create a fake card containing your information.

How to Protect Yourself

It should be obvious to most people that these messages are scams. Unfortunately, the scammers just have to get a small percentage of people to fall for these messages to make it worth their time. Just like spam email, if a few people respond it will continue to be financially viable.

What complicates things a bit is some banks are now using text messages as a communication method for alerts or other information. In these alerts, they’ll often ask you to phone in to confirm a transaction or to alert you to a problem with your account.

If you’re concerned at all about the origin of an alert, always call your bank directly using the phone number from a bank statement or official web site. Never call using the number provided in a text message.