What’s smishing? How to spot the latest texting scams
Let’s be honest, in the digital age, one defined by rapid change, few things remain certain for very long. But one certainty is that whatever new forms of security exist, social engineers and fraudsters will find a way to exploit them.
Text scams are an easy example. Sure, text scams aren’t new — they’ve existed for as long as texts have. But with phone number spoofing and AI, they’re still a common way for fraudsters to gain access to accounts. OCCU security systems work around the clock to safeguard your info, and you can add another layer of security to that with the right knowledge.
Here's what you need to know to spot the latest text smishing scams.
How text smishing scams work
If you know what smishing texts look like, they’re easy to spot. Here’s how the basic scam works:
- A hacker sends you a text message using social engineering tactics to make you think it’s legitimate. For example, the text may appear to come from your financial institution, your phone provider, a charitable organization or even someone you know.
- The text encourages you to tap on an infected link or call a “customer service” hotline and provide them with your personal information such as usernames, passwords, emails, etc.
- The hacker uses your information to commit fraud or sells the stolen data on the dark web.
How to avoid falling for a text smishing scam
The key to sidestepping a smishing scam is to stay alert to the tactics listed above and refuse to respond to any texts that meet those criteria.
Here are a few things you should always keep in mind when reading or responding to text messages:
- OCCU will not send you text messages that ask you to provide sensitive financial or login information. In fact, you can safely assume that no reputable financial institution, organization or service provider would ever do so. This is an essential security policy that all responsible organizations share precisely for the purpose of protecting you and your identity. This means if a text claiming to be from OCCU or another financial institution asks you for login data, Social Security number or other personal info, it’s a scam.
- When in doubt, go straight to the source. Do not respond to the text message. Instead, call the person or organization the text appears to have originated from, and ask them whether it’s legitimate. This means even if the number matches ours, call us directly anyway using the number on the back of your card.
- Do not respond to or click on links from anyone you don’t know. Clicking suspicious links can open you up to security breaches. Many times, fraudsters create links that are as close as possible to the real thing. It’s the difference between OCCU, our actual name and 0CCU — almost our name but with a zero in place of an “O.”
- Be aware of urgent messaging. While it’s true, there will be times when you receive communication from us asking you to take an immediate action, these messages are few and far between. And we’ll often urge you to contact us directly. In contrast, scammers will demand you click the link they send, provide sensitive info and otherwise pressure you into working against your best interests. If you come across a text that raises red flags, then take a breath and dial the number on the back of your OCCU card to get answers.
“Most smishing scams invoke a temporal element that warns of negative consequences should you fail to respond or act quickly; your card is being shut off, fraud charges are pending, etc.” Says Jessa Womack, OCCU’s information security manager. “The messages usually include a link to click that will then ask you for credentials (which then the malicious actor uses against you).”
What to do if you’ve been scammed
If you’re involved in a smishing scam, the first thing you need to do is give yourself a break. It’s not your fault — we all get caught unaware sometimes. The next thing you need to do is report it immediately. Contact your financial institution right away and ask about canceling fraudulent transactions and blocking future charges.
“If you are concerned that you’ve fallen victim to a social engineer using smishing methods, don’t be embarrassed!” says OCCU’s Matthew Wilson, VP of Risk and Administration. “Get on the phone with your financial institutions and let them know so that we can all assist in monitoring your accounts for fraudulent transactions.”
The next step is to consider freezing your credit reports and notifying the Internet Crime Complaint Center (IC3), he adds.
Finally, if you realize you’ve accidentally provided financial information to a fraudster, OCCU has your back. If you are ever in doubt, please don't hesitate to report suspicious activity to our team or contact us. We’re here to help and keep our members safe. Our security team will help you navigate the situation with compassion and understanding while working with you to minimize damages and recover from identity theft.
Above all, it’s time to start being as wary of text messages as you are of email and phone spam. Social engineers may be clever, but they’re not that hard to spot if you stay on the lookout. Stay safe out there!