Funny Word, Serious Security Risk
“Smishing” may sound like a made-up word, but it is actually a very serious security scam, designed to get you to share personal information via text messages on your cell phone. The most common examples of smishing occur when text messages are sent, posing as your financial institution or another business that has access to sensitive information. These messages often contain something that needs “your immediate attention” such as an account suspension or purchase confirmation and could have serious consequences if you do not respond.
For example, you might receive a text message that says:
“Notice – this is an automated message from Amegy Bank. Your ATM card has been suspended. To reactive, call urgent at 866-XXX-XXXX.”
When you call that number, an automated voice response system claiming to be from your financial institution will ask you to confirm your personal financial information, including credit/debit card information, security codes, your email address, PIN number, Social Security number and other critical data. Other smishing scams may direct you to a legitimate-looking website, asking for the same personal information. This information is then used to create duplicate credit, debit or ATM cards which can then be used anywhere in the world.
So how do you recognize what a smishing message is?
- Check the number the SMS text is originating from. Often, smishing messages originate from a “5,000” number instead of an actual phone number. This indicates that the message was sent via email to the cell phone and not from another mobile device.
- If you get a text message that asks for personal or financial information, don’t reply. Legitimate companies don't ask for this information via SMS messages. If you are concerned about your account, contact the organization mentioned in the email using a telephone number that you know is genuine.
- Do not reply to the message.
- Do not click on any of the links that may be embedded in the message.
- Contact your cell-phone carrier’s Privacy Team. Forward a copy of the text message so they may investigate it.
- Contact your bank, financial institution or another entity you do business with directly. Ask them to verify if this is a legitimate request or not.
- Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
If you believe you've been scammed:
- Contact your financial institution or credit card company immediately to freeze your accounts.
- File a report with the Federal Trade Commission at
- Then visit the FTC's identity theft website at ftc.gov/idtheft. While you can't completely control whether you will become a victim of identity theft, you can take some steps to minimize your risk.
- You also may report smishing messages to your cell-phone provider.