By now you are probably already familiar with "Phishing.” You know the deal. Hackers or other nefarious online criminals will send you suspicious links via email, social media or redirect you to fake websites to collect private information. DespiteRansomware in focusToday, many online criminals still use various forms of phishing to steal your money from unsuspecting web users. But it's not just incomplete websites to worry about. Phishing has given way to a new generation of digital fraud:strident.
What is smishing?
"Smishing" is a portmanteau of "SMS phishing" or phishing that occurs via text messages.While it's hard to trace the first smishing incident, Google Trends shows that smishing (and vishing) has increased dramatically over the past decade.. This data coincides with what security researchers still haven't figured out: scams are increasingly targeting mobile users. Smishing is just one of the many ways these attacks manifest themselves.
How does smishing work?
The more time you spend online, the greater your chances of losing data due to a data breach. ONE2017 Pew Research-Studiefound that 64% of Americans have been victims of at least one data breach. That number has likely increased since then. The end result? If you've ever given your number to a company (either online or in person), you may have already lost that number due to a data breach. And if you're getting text messages from people you don't know, it's probably because your number was lost in a data breach and then purchased on the dark web.
Bought on the dark web? Yea!
Vast amounts of stolen consumer data is being bought and stolen on dark web marketplaces, often for just a few dollars per download. From there, all a cybercriminal needs to do is set up an automated virtual number service and start spamming phone numbers with SMS phishing attempts.
a 2017NBC Nightly NewsThe report highlights a smishing scam trying to trick victims into activating a new credit card. The messages asked individuals to call a number and enter private information over the phone. Other smishing scams identified by the report include those that inform users that their online accounts (eg Apple ID) are expiring. Others offer promises of cash prizes from companies like Walmart if you click on the included link.
DO NOT click on these links
Sometimes smishing can actually cause users to install a virus on their device. In these situations, the results may be worse for some users. ONEPew Research Researchfound that only 32% of smartphone users have antivirus software installed on their devices. And while the data doesn't differentiate between iPhone and Android users, our best guess is that most of that 32% is on Android. Unfortunately, Mac users often avoid antivirus programs,mistakenly believeYour Apple devices are immune to threats.
Overall, smishers are usually looking for the missing piece of the puzzle that they failed to get with the hacked data. It could be a social security number, PIN number, password, or some other private detail that helps them access their accounts. It's easy to say "don't give it to them", but many smishing scams are intricately designed to get a response, even if that response is just a short-lived, tentative click on a seemingly legitimate link.
How to avoid smishing blows
There are several strategies you can use to avoid falling victim to a smishing scam:
- Do not click links in spam texts
- Don't reply to messages
- Look up spam numbers to make sure it's spam
- If the spam messages are using a legitimate company name, call that company directly from their official number to verify
- Use a VPN to reduce smishing attempts
- Use the spam blocker app to automatically block smishing attempts
Let's take a look at how these strategies work in practice.
1. Do not click on any link in the message
Most smishing involves emotional manipulation. Scammers generally don't need you to openly divulge passwords, PINs, and social security numbers. Sometimes they just need to pique your interest for you to click a link and download a virus to your phone or enter your information on a website. There's a good chance that if you've clicked on a phishing link, your mobile device is already infected. Viruses are designed to stay hidden and you might not realize that your phone is actually infected.
Common signs that your mobile device is infected include:
- excessive memory usage
- Your phone keeps overheating
- Your battery drains faster (due to background activities)
- Pop-up messages when using smartphone web browser
If you've clicked on a link in a suspected smishing text message, your best bet is to install an antivirus app and scan your device. Any virus lurking on your phone can log keystrokes and steal private information, which means the smishing scam may already have been successful. Still, it's best to cut it short by the heels, even if you've lost valuable information by that point.
On the other hand,Installing an antivirus applicationcan help prevent smishing attacks in the future. A good antivirus application should block all future attempts to install viruses and potentially malicious websites.
2. Do not answer or call smishing numbers
Even if the spam message says "SMS 'Stop' to stop receiving messages", never send a reply!
Responding to a fraudulent number, even with a "stop" message, may even result in you receivingmostAdverts. The same can happen when you try to call the smishing number. Scammers often don't know if the numbers they are spamming are up or down with no response. By replying, you confirm that the number is active, which causes the spammer to focus on your number again.
A more effective option is to block the number immediately after receiving the spam text message. Updated versions of Android and iOS devices allow you to block numbers from your SMS app.
3. Do a web search for both the number and message content
If you're feeling a little uncomfortable about a potential smishing scam, type the number or message (or both) into a Google search. You are probably not the first person to receive this message. In many cases, you can find other people posting to various websites using fraudulent numbers. However, do not rely on just one negative response or request. See if a suspicious number or message has several other people commenting that the number might be a scam.
For personal reference, I tend to get an overwhelming crowdSpam and automated calls. My favorite site to look up numbers is800notes.com. When I get a call or SMS from a suspicious number, I trust the site to check for potential scams or spam counts.
4. If the phishing message contains a legitimate company name, call the company directly
Some flattering messages try to trick you by using a well-known company name such as B. a retail store or a bank to attract. If you think the message is a scam, find this company's customer service number on their official website instead of calling or texting the scam number. Contact the service using this number and find out about the message received. If they confirm it's not theirs, delete it.
5. Use a VPN on your mobile device
Cyber criminals can use your location to target smishing attacks. According to Internet security company Sophos, these are cybercriminalsuse more and more location datato better serve people. Cybercriminals can use this data to send lightning-fast messages that appear hyperlocal. Personal and localized collision attempts are more likely to result in a victim response.
A VPN app like ExpressVPNcan help spoof your location and hide you from localized smishing attempts. When you receive a smishing message based on your fake location, it is much easier to identify that messages from unknown numbers are scams.
6. Use a spam blocker app
Are you struggling with a spam stream of SMS or phone calls on your Android or iOS device? You may have some solutions available in your app store or even your mobile operating system.
Related: The Best Spam Call Blockers for iPhone
Block Calls and Texts on iOS
Since the introduction of iOS 7, Apple has included blocking calls and text messages as a software feature. To block text messages or phone numbers, go to:
- Phone (or Messages for SMS)
- clogged up
From there, add the numbers you want to block to reject all new messages. You can also block text messages by going to your messages, selecting the offending message, selecting "Details" under the "i" in the top right corner of the screen, and selecting "Block Caller".
Keep in mind that you need to add a number to your contact list for this to work. This is a good way to block contacts.recidivist, but will not block smishing attempts or other phone spam attempts from unregistered numbers.
If you're looking for a smarter call blocker, consider this one.Robokiller. This app has been praised by the Federal Trade Commission for its ability to significantly reduce the number of spam calls coming to your phone. RoboKiller has logged several spam numbers in its system, but it also predicts when a call is likely to be spam. Any incoming call can be added to your blacklist. Blocked numbers you want to receive will be whitelisted. As of November 2017, RoboKiller also includes an SMS filter to block unwanted smishing and other spam text messages.
See too: Phone Spam Statistics
Block calls and text messages on Android
Since Android phones are not uniform in architecture, you may have the option of adding numbers to a blacklist. Each device manufacturer modifies Android in different ways, and some mobile networks like T-Mobile or Verizon may change operating systems even further.
To find out how to specifically block numbers on your phone natively, first do a Google search. For example, you can search "how to block texts on galaxy s20". This search will return different results depending on your device and Android version, so please double check.
If you are not sure which device you are using,majorityAndroid phones have this information available throughDefinitions>By phone. If you look under "Phone Name" it should contain the exact phone model you are using, defaulting to the phone "Name" that is displayed when you connect to a Wi-Fi network. However, if for some reason you changed your phone's name and you can't remember the model number, tap Hardware Information. You will also find the information there.
Like iPhones, number blocking filters out repeated spam calls and smishing attempts, but it doesn't intelligently block new numbers. For this, Android users have a long list of options.
The Google Play Store is full of SMS and call spam blockers. However, as with most Android apps, you'll need to do a little personal research to decide which app to trust.Rule of thumb: check app ratings and rating.However, these two together are still no guarantee that you will get a good app, especially from the Google Play Store. Fake reviews on Google Playare a little troublesome, and there is no simple solution either. The last thing you want to do is download a bad app, or worse, full of spyware.
Based on our own review of app reviews and ratings, we recommendtrue callerapartment The app has over 500 million downloads and 4.4 out of 5 stars from over 13 million reviews on the Play Store. The app can intelligently block SMS spam and phone calls. It also allows you to blacklist and whitelist numbers in real time.
How to report spam calls and messages - US, UK, Canada, Australia
You might feel a little helpless against spam calls and texts, but you've got a voice. In the US, UK, Canada and Australia, there are official and unofficial options for terminating spammers.
A few years ago, the US established the National Do Not Call Registry, which allowed individuals to give out their phone number and telemarketers to remove them. The service worked for a while. However, in 2017, many media outlets started to report that many people were already noticing:registration no longer worksas intended.
Despite threats of state prosecutions, callers and text spammers are given new impetus in their efforts. Here are two ways to fight back.
Outside of the DNCR, here are several options for US citizens to reduce spam calls and smishing attempts:
1. Register spam numbers on a website dedicated to spam numbers
There are now several websites where you can report and discuss spam numbers. If you receive a spam number, send the number to a website dedicated to eradicating phone spam. We will recommend the site to others.800notes.com. Here you can transfer the number with a note to the call or SMS. This helps other people who are also receiving messages from these numbers and are wondering if they are reliable.
2. Make a complaint
Although the National Do Not Call Register is all but dead, you can still do itfile a complaintwith the FTC. Please note, however, that the FTC requires your number to be registered for at least 31 days before you can file a claim. DNCR is primarily intended for spam calls.
You can report spam text messages directly to the FTC without registering with the DNCR.just go hereand complete the online claim form.
However, don't expect an instant or timely response from this method. And even if your complaint is investigated, you're unlikely to get any feedback from the government on the actions taken. Complaints go into a database where the FTC looks for repeat offenders and looks at those numbers. Still, adding your details to their information can help weed out spammers.
non UK residents
If you are receiving fraudulent SMS and calls in the UK, here are some options available to you.
1. Contact ActionFraud
ActionFraud or National Fraud & Cyber Crime Reporting Center was set up to deal with the ongoing fraud issues in the UK. If you have received messages that are clearly fraudulent, you can call the hotline (0300 123 2040)you useOnline reporting tool.
2. Sign up for preferred phone service - and file a claim if you already have
The phone preference service is designed to prevent or reduce unwanted telemarketing calls on your phone. You mayregister your numberwith TPS on their website.
If you are already registered and still receive calls, you can also file a complaint through the website.
3. File a complaint with the Information Commissioner's Office (ICO).
TPS also suggests filing a complaint with TPS if you continue to receive unwanted calls. Unlike TPS, howeverICO also handles SMS spam. This is a good option if you are getting smishing attempts on your phone. ICO deals with all types of spam and fraud related to digital communications.
4. Register the number on a reverse number website
If you know that the fraudulent number is a problem, find it and register it on the reverse number website such aswho-called.co.uk.The site allows you to register numbers that you know are scams, as well as look for numbers that might be suspicious. If you submit a fraudulent number on the site, you can leave a note to explain what kind of behavior or messages you received to help others fight spam.
In Canada, despite government efforts, telephone scams are still a problem. Here are some options Canadians can take to fight back.
1. Use a website to look up and record reverse numbers.
There are some websites where you can look up Canada numbers. We suggestcanadianreacodes.net. The site maintains an active list of numbers registered in Canada. You can also register a number with information about the type of message you received to help others find out if a number is being used for fraud.
2. Report the fraud to the Canadian Anti-Fraud Center
The CAFC was established to help Canadian residents identify and report all types of fraud and fraud. This includes smishing attempts and harassing phone calls. You can call the CAFC(1-888-495-8501)or file the complaint with yourFraud reporting system. The CAFC online system requires you to have a GCKey to log in and file your claim. The key is free, but you have toreceive your GCKey through an online portal.
Like Canada, the UK and the US, Australia has its own increasingly troublesome phone scam problem. Here are some solutions for Australian residents who have to deal with phone spammers.
1. Go to the Do not call tab
australiansdo not call the registerhas been running strong for over a decade. In case you missed it, the government numbers sent to the registrycontinuousPlot.This means you don't have to resend your number, which solves the problem of your number expiring and spam calls coming back. Government surveys from 2015 show that most users of do-not-call records have seen a significant reduction in unwanted calls.
2. File a complaint with the Australian Communications and Media Authority (AMCA).
The AMCA, which also operates the Do Not Call Registry, allows you to do thisclaim onlineif you have received spam messages. You must have been registered for at least 30 days and calls must have been received outside of normal business hours. Unfortunately, complaints must be related to spam calls and do not count as SMS spam.
forreport SMS spam to the AMCA, you should forward your spam SMS directly to the agency. SMS spam forwarding number is0429 999 888.It is important that you provide the number to AMCA as this will add to their database and help them to identify, track and ultimately deal with SMS spammers.
3. Register the number on a reverse number website
If you are convinced that a number that is texting or calling you is a scam, register that number online. For Australia it is one of the best sitesreverseaustralia.com. On the website, you can register numbers with a comment about what kind of behavior you received from that number. You can also use it to look for suspicious numbers if you're worried that a call or text message from an unknown number could be a scam.
Even if your phone scam issues are covered, you still need to be awareemail scam. But that is a subject for another day.