No, this isn’t a typo.

SMiShing is the SMS version of phishing scams but instead of a bad email, you get a bad text message on your smartphone.  While smishing has been around for years, its use has increased significantly since March, all thanks to the Coronavirus.  According to the FTC, 52,500 Americans have filed $38.6 million in complaints related to Covid-19 fraud.

Fake SMS text messages are leading the way in a number of reported cases.

The most frequent starts with a text that appears to be from the IRS asking you to confirm information for a stimulus payment.  Clicking the link in the text message takes you to a fake IRS website and gets your contact info and SSN.  The site then redirects you to the real IRS site to throw off suspicion.  Recently, with the push to do contact tracing, bad actors are sending out fake text messages appearing to be government staff following up on contracts.  This ploy tricks you into clicking on a link and providing information.

Side note:  The scams related to the Coronavirus have gotten so large that the government now maintains an updated website listing the current known scams.  You can find it here: https://www.consumer.ftc.gov/features/scam-alerts

All fake messages want your information.  The only way they can get it, is for them to trick you into giving it to them by either sending you a link or getting you to reply to the text.  Sometimes, they’ll call you and get you to provide information that way.

Here’s how to protect you and your organization from SMiShing…

  1. Educate yourself on the latest scams – the site above is a great place to start
  2. Don’t click on or open any links sent in text messages
  3. Don’t reply back, ever (even if asked to reply with STOP, unless you know the text is legitimate). Any replies validate your phone information.
  4. Block Robocalls, AT&T, Verizon, and T-Mobile/Sprint all provide software to do this.
  5. Verify information through known sources and if you think the text MIGHT be legitimate, go to a known source for that company (company website, phone contact info) and verify the text that way.

Fake texts (and phone calls) are a great way for bad actors to make money.  They aren’t going away.  This form of deception will increase and get more clever and stealthy.  Follow the precautions listed above.

Don’t get SMiShed.

Be safe. Be Secure.

To help spread the word about SMiShing scams, we’ve prepared a poster for distribution throughout your organization.

Download