Online Banking

Phishing and SMShing Scams

Phishing and SMShing Scams

Avoiding Phishing and SMShing Scams

Phishing refers to any scam that attempts to trick a consumer into revealing personal information, such as bank account numbers, passwords, payment card numbers, or Social Security numbers through the use of fake Internet sites or email messages that look legitimate. This can happen on social networking sites such as Facebook and Twitter, where users are already sharing their personal information with others.

SMShing is a form of phishing that uses mobile phone text messages to lure victims into calling back a fraudulent phone number, visiting fraudulent websites, or downloading malicious content via phone. While attacks vary, there are a few qualities that they have in common. Many claim to be from some sort of financial institution. As a result of many users conducting banking transactions from their smartphones, they often don’t think twice when they receive a message from their respective bank. Attacks typically urge the user to take immediate action, which usually requires them to hand over personal identifying information and account details. The attack will inevitably be sourced to someone that’s not on the user’s contact list and thus, someone the user doesn’t know.

Phishing emails and websites typically use logos and graphics that you are familiar with to deceive a consumer into thinking the sender or website owner is a government agency, bank, retailer or other company they know or do business with. Phishers may include misleading details, such as using the company CEO’s name in the email “from” field. In general, phishing scams can be conducted by phone, email, snail mail and even via text message. Phishers may also try to obtain your ATM PIN or other bits of information that helps them build more complete profiles from which they can access your account.

Some phishing scams even lure victims by telling them that their information has already been jeopardized. Potential victims may receive an email that appears to come from a reliable source warning that their account has been exposed to fraudulent activity. Users are asked to click a link within the message so they can “confirm” their account information. Instead of going to the bank’s legitimate website, however, victims are taken to a look-alike site, where their entered information is routed directly to the scammer.

Hands of a man writing an e-mail on his laptop.

Be sure that the site you are on is legitimate by inspecting the URL as well as checking to see that the website ends in “.com” instead of “.biz.” There are also other easily overlooked substitutions that can give an illegitimate site away. This includes not providing any contact information, grammatical errors and/or misspellings, and lack of search results when running a Google search query.

Always view any phone or email requests for financial or other personal information with suspicion, particularly any “urgent” requests. When in doubt, do not provide any information without first verifying the legitimacy of the request by calling the number printed on the back of your payment card.