Smishing Scams Update: What Your Team Needs to Know Today

Perhaps you have seen the unexpected EZPass text message on your phone demanding a payment, or perhaps an email from "Amazon" about your account and payment?

Hopefully, you did not click those links!

These are two of the most recent smishing scams in the news. There are many others, and I hope you’ll agree that you should share this blog article with your team.

This is fairly urgent given the smishing attacks you may be seeing reported in the news, or the actual attacks you are experiencing on your phone, or on your desktop, or notebook.

Because this is so important, and given our goal to keep you secure on-line, my hope is you will read and share with your IT leadership team. The intent here is to educate and inform, as well as raise your awareness so you and your business associates (employees and vendors alike) are more keenly vigilant and on the lookout for smishing scams.

With your protection in mind, here is an introduction to the whole cyber-creep game called smishing.

First a definition:

Smishing is a form of phishing that uses SMS text messages to deceive individuals into revealing personal information, clicking malicious links, or downloading harmful content. The term "smishing" is a combination of "SMS" (Short Message Service) and "phishing."

How Smishing Works:

Smishing attacks typically involve a fraudulent text message that appears to come from a trusted source, such as:

• A bank or financial institution
• A government agency (like the IRS or USPS)
• A delivery service (like FedEx or UPS)
• A popular company (Amazon, PayPal, etc.)

These messages often:

• Create a sense of urgency (e.g., "Your account is locked!")
• Offer a reward (e.g., "You've won a gift card!")
• Include a link to a fake website or a number to call

Once the victim interacts with the message, they may be tricked into:

• Entering sensitive data like passwords, credit card numbers, or Social Security numbers
• Downloading malware or spyware onto their device

 
Common Smishing Examples:

• “There is a problem with your bank account. Click here to resolve it.”
• “Your package couldn’t be delivered. Update your address here.”
• “You’ve won a free reward. Claim it now!”

How to Protect Yourself:

• Don’t click on links in unsolicited texts.
• Don’t reply to suspicious messages, even with “STOP.”
• Verify with the sender using a trusted method if a message seems real.
• Use security software on your phone.
• Report smishing texts to your mobile carrier (e.g., forward to 7726 in the U.S.).
  
• 
  

How to Recognize a Smishing Message:

1. Unusual Sense of Urgency
   1. "Act now!" or "Immediate action required!"
   2. Example: “Your account will be suspended unless you verify it now.”
2. Unexpected Rewards or Offers
   1. “You’ve won a prize!” or “Here’s a free gift card!”
   2. Ask yourself: Did I sign up for anything?
3. Links That Look Odd
   1. Shortened URLs (e.g., bit.ly) or slight misspellings (e.g., “amaz0n.com”)
   2. Hover or preview the link (if possible) without clicking.
4. Generic Language
   1. No language that connects you to them
   2. Legitimate companies usually personalize messages.
5. Requests for Personal Info
   1. Any request for passwords, Social Security numbers, or payment info via text is a red flag.
   2. Strange Phone Numbers
   3. Messages from weird-looking numbers, especially those with too many digits or international codes.

 
Tips to Teach Others (Family, Team, or Clients):
 

1. Use Real-Life Examples
   1. Show screenshots (fake or anonymized real ones) to train awareness.
   2. Compare a real message from a bank vs. a fake one.
2. Encourage “Think Before You Tap”
   1. Remind people: “If it feels off, it probably is.”
3. Practice Safe Responses
   1. Don’t reply to messages asking for info.
4. C    ontact the company through their official website or app.
5. Set Up Phone Security
   1. Use two-factor authentication (2FA)
   2. Keep the phone OS and apps up to date.
6. Report Suspicious Texts
   1. Forward to 7726 (SPAM) — free on most carriers.
   2. Report to the FTC at reportfraud.ftc.gov

 
What to Do Instead:

• Don’t click on links or reply to suspicious texts.
• Verify the source by calling or visiting the official website directly.
• Use 2FA and keep your phone’s software up to date.
• Report the message by forwarding it to 7726 (SPAM)

How to Protect Your Team:
 

• Don’t click on links in unexpected texts
• Don’t reply to messages asking for info
• Verify messages directly with the organization
• Report suspicious texts to your mobile carrier (text “SPAM” to 7726)
• Educate employees & vendors—awareness is the first line of defense

 
We are here to help you stay vigilant and aware, and are ready to provide customized support for your organization. We can also provide you with a customized smishing (and cybersecurity) awareness campaign.
Call us at 508-528-7720 if you have any questions or want to discuss a smishing defense and recovery strategy