Steven J.J. Weisman, JD
Steven J.J. Weisman, JD, attorney in private practice and senior lecturer at Bentley University in Waltham, Massachusetts. He is author of Identity Theft Alert and founder of the scam-information website Scamicide.com.
How to Protect Yourself from This SMS Scam
The next text message you receive might not be from who you think it’s from—it might be a smishing scam.
One common form of online scam is something known as “phishing”—a scammer pretends to be someone he/she isn’t to trick victims into divulging credit card numbers, account passwords and other info. When phishing occurs via text message, it’s called “smishing”—the term is a combination of phishing and “SMS,” short for “short message service,” the most common texting technology. As silly as the word smishing sounds, it’s a growing threat as advances in artificial intelligence help smishing attacks evade security software. Three scary smishing scams…
You receive a text message from the US Postal Service, UPS or another delivery company warning that there’s a problem with a package that was sent to you—perhaps the shipment was delayed or you weren’t home for an attempted delivery. The text contains a link you can click or a QR code you can scan for more details or to arrange a new delivery time. But: If you click the link or scan the code, it will download malware onto your phone and/or lead you to a webpage that will attempt to convince you to enter a credit card number.
What to do: Don’t click links or scan QR codes in delivery-related text messages—or for that matter, in text messages on other topics. In most cases, package-delivery texts can simply be ignored—if you never gave the delivery company your cell number, there’s no way it could be sending you a text. But if you think there’s a chance a delivery text could be legitimate: Use a search engine to locate the delivery company’s actual website, then call the customer service number you find there to check.
You receive a text message from Netflix warning that it couldn’t process your recent automated payment and your account will be suspended if you don’t promptly update your credit card information. As above, the text provides a link or QR code to reach the webpage where you can provide this info. But: If you do so, you’ll actually download malware or hand your credit card number to a scammer. Smishing scammers sometimes cite a different subscription service, but Netflix is the most common because so many people subscribe to it, boosting the scam’s odds of success.
What to do: Rather than click the provided link or scan the QR code, log onto your account at Netflix.com to see if there actually is a problem with your credit card. Or just ignore the text—if there really is an issue with your Netflix account, you’ll find out when you aren’t able to view programs on Netflix and then can simply update your card info then.
You receive a text message from your bank or credit card issuer asking you to confirm that a recent purchase or withdrawal from your account is legitimate. It isn’t—you didn’t make the transaction mentioned. The text warns that if the transaction isn’t legitimate, you must report the fraud immediately to prevent the charge from being processed. The text includes a link or QR code you can use to do so. Again, the text actually is from a scammer, and clicking the link or scanning the code will download malware onto your phone or direct you to a webpage where you’ll be asked to enter your bank or credit card account info. How did the scammer know you had an account with this particular bank or card issuer? He didn’t—he sent similar texts to thousands of potential victims knowing that odds are in his favor that some of them will have accounts there.
What to do: As with most smishing scams, the key to remaining safe is not clicking the links or scanning the QR codes provided in the text. If the text claims to come from a credit card issuer, call the phone number on the back of your card to see if the security concern is real. If the text claims to come from your bank, use a search engine to find your bank’s website and call the customer service phone number you find there. Don’t let the text message scare you into believing that you have just minutes to block the transaction and avoid losing money—by law, bank and credit card customers have stronger consumer protections than that.
