Local OCCU experts offer tips on how to avoid getting “smished”

EUGENE, OR (October 5, 2022) — Smishing – using text messages to trick people into providing access to personal financial information – is the latest scam in cyberthieves’ bags of tricks.

Reports of smishing have skyrocketed, increasing by more than 300% within the past two years. If you have a phone that receives text messages, you’ve likely already been the target of more than one smishing scam. In 2021, the FBI reported that 324,000 people were victims of smishing, phishing and similar scams.

Smishing is a term that combines “phishing” with short message service or SMS (commonly known as text messages). It is particularly effective because people are more likely to trust text messages than other forms of communication. It is estimated that users read 98% of text messages and respond to 45%.

Eugene-based OCCU wants to educate consumers about smishing and how to avoid becoming a victim. OCCU experts are available for interviews for stories about smishing or any cyber-financial security issue. They include:

• Matthew Wilson, VP Risk and Administration, OCCU Information Security Officer.
• Stefanie Nash, Bank Security Act and Loss Prevention Team Lead.
• Jessa Womack, Information Security Manager.
• Mike Rustik, Financial Crimes Specialist.
• Megan Burns, Bank Security Act and Loss Prevention Manager.

To arrange an interview, contact Laticia Duman, OCCU’s Communications content specialist, at 541.681.5285.

For more on smishing, see the attached article, which can be used for background or published as is.

What’s smishing? How to spot the latest texting scams

Few things are certain in life, especially now that we’ve entered a digital age of rapid change. One of those certainties is that whatever new forms of communication we invent, scammers will find a way to exploit them to try and steal your identity.

Many consumers have already caught on to phishing scams, which use emails that appear to be from reputable sources to trick you into giving up sensitive information. Folks are also becoming more aware of vishing, or the use of voice calls to do the same. As these avenues become less effective for cyber thieves, many are turning to text messages instead.

Smishing — a term that combines “phishing” with short message service or SMS (commonly known as text messages) — is the latest frontier for identity theft. It’s particularly effective because people are more likely to trust text messages than other forms of communication. According to the research firm Gartner, users read 98% of text messages and respond to 45%.

Reports of smishing have skyrocketed recently, increasing by more than 300% within the past two years. If you have a phone that receives text messages, you’ve likely already been the target of more than one smishing scam. Keep reading to find out what you need to know about smishing, how to spot it and how to protect yourself.

How smishing scams work

If you know what smishing texts look like, they’re easy to spot. Here’s how the basic scam works:

• A hacker sends you a text message using social engineering tactics to make you think it’s legitimate. For example, the text may appear to come from your financial institution, your phone provider, a charitable organization or even someone you know personally.
• The text encourages you to click on an infected link or call a “customer service” hotline and provide them with your personal information such as usernames, passwords, emails, etc.
• The hacker uses your information to commit fraud or sells the stolen data on the dark web.

“Most smishing scams invoke a temporal element that warns of negative consequences should you fail to respond or act quickly; your card is being shut off, fraud charges are pending, etc.,” said Jessa Womack, OCCU’s information security manager. “The messages usually include a link to click that will then ask you for credentials, which then the malicious actor uses against you.”

How to avoid falling for a smishing scam

The key to sidestepping a smishing scam is to stay alert to the tactics listed above and refuse to respond to any texts that meet these criteria.

“If you’re unsure whether the message is legitimate, take a deep breath and call or visit the site or service in question manually — ideally, typing the company’s exact URL,” Womack says. “Be cautious of Google-searching the company and clicking a potentially spoofed ad or typo-squatted webpage. The key is to reach out to the company from another source, outside of the phone numbers or links provided in the suspicious message, to validate its legitimacy.”

Here are a few things you should always keep in mind when reading or responding to text messages:

• Legitimate financial institutions will not contact you via text message and ask you to provide login information such as passwords or other credentials. In fact, you can safely assume that no reputable organization or service provider would ever do so. This is an essential security policy that all responsible organizations share precisely for the purpose of protecting you and your identity.
• When in doubt, go straight to the source. Do not respond to the text message. Instead, call the person or organization the text appears to have originated from, and ask them whether it’s legitimate. It’s probably not.
• Do not respond to, or click on links from, anyone you don’t know.

What to do if you’ve been scammed

If you’re involved in a smishing scam, the first thing you need to do is give yourself a break. It’s not your fault — we all get caught unaware sometimes. The next thing you need to do is report it immediately. Contact your financial institution right away and ask about canceling fraudulent transactions and blocking future charges.

“If you are concerned that you’ve fallen victim to a social engineer using smishing methods, don’t be embarrassed!” says Matthew Wilson, OCCU’s vice president of risk and administration. “Get on the phone with your financial institution and let them know so that we can all assist in monitoring your accounts for fraudulent transactions.”

The next step is to consider freezing your credit reports and notifying the Internet Crime Complaint Center (IC3), he adds.

Finally, if you realize you’ve accidentally provided financial information to a fraudster, don’t hesitate to go to your financial institution for help. Security personnel will help you navigate the situation and work with you to minimize damages and recover from identity theft.

Above all, it’s time to start being as wary of text messages as you are of email and phone spam. Social engineers may be clever, but they’re not that hard to spot if you stay on the lookout. Stay safe out there!

Important member security tip: Legitimate financial institutions do not send emails or text messages or make unsolicited phone calls that ask you to give personal information like PIN numbers or digital banking passwords. If you are ever in doubt, please don’t hesitate to report suspicious activity to your financial institution.


About OCCU

OCCU is a not-for-profit financial cooperative with more than $3.4 billion in assets. The credit union was founded in Eugene, OR, in 1956, and has an expanding network of branches and web tools to provide its more than 260,000 member-owners with a full suite of financial services. Membership is open to anyone living or working in 28 Oregon counties or anywhere in Washington. Learn more at MyOCCU.org.

Contacts

Griffin Edwards
Community Engagement
Communications Specialist
541.334.8614
GEdwards@MyOCCU.org

 
