Almost everyone is familiar with spam texts, but you might not be aware of smishing. You have probably received more spam texts than you would like. The average American gets spam texts almost every 2 days and there is no sign of them slowing down. In fact, more spam texts are sent every year.
Spam texts usually seem more annoying than dangerous. However, there is a more malicious variety of spam text message called smishing.
What is Smishing?
Smishing is short for SMS phishing. It uses the same tactics as a standard phishing email except it takes place over text or SMS. Smishing texts target your passwords, account logins, and credit card information. These texts usually contain a link to an unsafe website that impersonates a company login page to steal your password.
What is Phishing Again?
A phishing attack is when an attacker attempts to steal access to your accounts by tricking you into giving them your password. There’s a good chance you are already familiar with phishing emails because they are very common.
Phishing emails usually come from an email address that is very similar to the real email address of a company that you use. The email could ask you to reset your password or login to update your account. There is usually a link included in the email that takes you to a fake login page. When you enter your username and password to login, the attacker now has your password and full access to your account.
Why Smishing?
Smishing texts operate almost identical to phishing emails. Spammers send out texts with a link and a convincing message to get you to click. The link redirects you to a fake login page that will steal your password.
Users are more aware of phishing emails than ever. Scammers need to find creative new ways to successfully execute their attacks. This has led to the transition from sending phishing emails to sending phishing texts. People are not used to seeing phishing texts and are less cautious when it comes to clicking links in text messages. This makes smishing more effective than phishing, this is the main cause for the growth of spam texts.
How to Spot Smishing
Not all smishes are created the same, some are a lot more obvious than others. Attackers spend a lot of time disguising their messages to look legitimate. This can make it difficult for an untrained user to detect a smishing attack. However, there are a few signs that make it easy to identify a text as smish. Learning how to spot smishing texts is important to keep yourself safe from password theft or other types of SMS-based attacks.
Unknown Senders
The first warning sign of a smishing text is that it comes from an unknown sender. Messages from people outside your contacts are rare. It should raise a red flag the moment you get a text from someone not saved in your contacts.
Long gone are the days of memorizing phone numbers and dialing them manually. I can’t think of more than a couple phone numbers that I know from memory. There’s no limit on how many contacts you can have so, there is no reason not to add phone numbers that you message with.
Use your contacts and save numbers that you regularly message. This makes it easy to identify who the message is coming from. This removes any obscurity when you get a text. You either know it is from a sender that you trust or its not. You know that texts from unknown numbers are potentially risky because they are not verified by being in your contacts. This means you need to be extra cautious about how you interact with this message.
You Do Not Use the Service
Another telling sign of a smishing text is that it comes from a company you do not use. For example, if you get a text that you need to login and update your PayPal account, but you don’t have a PayPal account, you can ignore this text. Spammers send these texts out en masse. They know not everyone has a PayPal account but, enough people do for their attack to be successful.
If you get a text about a service or account that you know you don’t have, the safest thing to do is to ignore it. Don’t insert yourself into the equation and become a victim when you weren’t even the intended target. Do not click any links or text back. There is no reason to risk any danger or getting more spam texts for an imaginary account you don’t own or care about.
The Offer is Too Good To Be True
In life when something is too good to be true, it often is. The same idea applies to offers you receive over the internet. If you get texts offering insane sales deals over 80% or FREE anything, it is probably a scam.
Spammers send out texts with insane deals and promises of free stuff to entice people to click to their shady website. From there, they can try to steal your credit card info or commit other nefarious activities.
It is best to avoid any text from an unknown number that contains an offer that just seems too good to be true. When you get a text like this, just ignore it and move on. If you must scratch the itch and see if the deal is real, try googling it first. Do not use the link sent to you, go directly to the brand website and look there.
The Text Contains a Link
Any time a message contains a link you should run as far as you can from that message and sender. Texts from unknown numbers that contain links are up to nothing but no good.
Spammers send texts with links to phishing websites that can steal your credit card information or passwords. These sites look like real login pages to popular companies or services. However, when you enter your password, you are actually handing it over to the attacker. With your password they can log into your accounts to take actions as you. Depending on the type of account, they can make purchases, send emails, or download files. With your credit card they can also make unauthorized purchases.
You can avoid this by ignoring texts from unknown senders that have a link. Never click the link and delete the message. The body of the text might indicate that your account may be deleted or your password needs reset. Companies would probably never ask you for this over text. As a rule of thumb, if something is urgent enough, a company will message you again. So the best advice is to wait it out, monitor your account closely, and see if they send you a message through email or within your account dashboard. Again, to check on your account, go to their website directly, never use the link from the text message.
How to Protect Yourself from Smishing
Protecting yourself from smishing is really easy. The hardest part is probably identifying smishing texts correctly but, you can overcome this by just being cautious with all texts you receive from unknown numbers.
Never Click Links 🛑
The first and most important way to protect yourself is to never click on links in spam texts. I talked about it earlier, nothing good comes from clicking links in texts from unknown numbers. Those links will take you to unsafe websites that want to steal from you or scam you. Avoid them at all costs by never clicking the links.
Save Numbers in Your Contacts
Another effective way to avoid spam texts is by adding phone numbers to your contacts. You probably already have family, friends, and co-workers saved to your contacts. Consider also adding numbers that regularly send you texts like your bank or other text services you are subscribed to. This way when you get texts from an unknown number, they cannot impersonate a number you already have saved. You can immediately assume it is spam and delete it.
Do Not Reply
Please do not reply to spam texts. This lets the spammer know that your phone number is active. Spammers start sending more texts to phone numbers that they know are active because their attacks are more likely to work. Unless you want more smishes, do not reply to spam texts, even if it’s just to mess with them.
How to Block Smishing Text Messages
You’ve made it this far and now you know what is a smishing text and how awful they are. You even learned some ways that you can keep yourself safe from smishing texts. Wouldn’t it be wonderful if there was a way you could just remove them from your phone for good? I have exciting news for you, there is a way.
Apple makes it really easy to block spam texts with some cool settings on your iPhone. You can turn on filtering for unknown senders. You won’t get a notification when an unsaved number texts you. There is also another way to block spam that is even easier!
Dont Text is a free app that you can install to block spam texts. It takes less than a minute to setup and you can get rid of spam and smishing texts for good. Dont Text gives you full control over blocking spam texts and protects you from smishing. Download it on the App Store and you can get started blocking spam texts right away.