At this point, we are all familiar with those pesky, suspicious texts from an unknown number telling us that our packages couldn't be delivered or that we've won some sort of contest. These are called smishing scams. Smishing, or SMS phishing, is a type of fraud in which scammers use text messages to try and extract personally identifiable information from their targets. In fact, these sorts of scams have become so prevalent that Americans lost $5.8 billion to phishing and other fraud in 2021, a 70% increase from 2020. 

Signs of smishing:

• Scammers use SMS text messages to attempt to obtain information.
• Attackers usually impersonate reputable brands, like Microsoft or Amazon, to gain their victims’ trust.
• Smishing messages are short and usually include a malicious link.
• Since smishing messages are concise, they can be harder to recognize.

How Does Smishing Work?

• You receive a text message from an unknown number.
• The SMS claims to be an urgent communication from a reputable source — like the IRS, or a popular postal service such as FedEx or UPS. For example, the message may claim you have an unpaid tax bill or a delivery issue with a recent online order.
• At the end of the message, you are urged to click on a link or call a number to rectify the problem.
• Upon clicking any link attachments, you will most likely be taken to a scam site designed to extract your personal information.
• Some advanced variations of smishing are more dangerous; for instance, dialing the sender’s number or responding to a text message can download malware onto your smartphone.
• If that happens, the scammers may be able to steal your personal data without your knowledge.

As the world becomes increasingly mobile and technology gets more advanced, it's clear that phone-based scams are here to stay. While many of these schemes are easy to spot and avoid, criminals are getting smarter about how they target people and try to steal from them.

What should you do if you receive a smishing text? 

• Take a deep breath. In most cases, it’s perfectly safe to open a scam text. The key is not to click links or download any attachments. 
• Again, do not click links that appear in the message. Links in smishing messages direct you to fraudulent websites.
• Do not reply to the sender. Resist the urge to reply to the sender, and do not call any phone numbers provided in the message. 
• Report it. Help fight scammers by reporting them. Forward suspected phishing text messages to SPAM (7726). Then, report the phishing attack to the FTC at reportfraud.ftc.gov.