Skip Tags

Popular Tags

Decorative icon

The Resource Center Online Security Issues & Protection | post

Identity Theft by ‘Smishing’- an Increasing Problem for Smartphone Users

by Steve Schwartz on

Identity theft fraudsters have now added 'smishing" to their arsenal of tricks as they try to pry loose personal information from the unsuspecting.

Phishing (pronounced "fishing") is a means by which fraudsters attempt id theft getting you to reveal things like financial or account information, your user name and password to access your accounts, your Social Security number, birth date, ATM PIN or your credit card information. Most phishing attempts are through fraudulent e-mails, although it can also occur through phone calls.

Smishing (or "SmiShing") is derived from “phishing" with the “SM” coming from SMS (Short Message Service), the protocol used to transmit text messages via cellular devices. It is an identity theft scheme, using short SMS text messages usually sent to a person's smartphone or mobile devices containing a link to a fraudulent website or a phone number in an attempt to collect personal information that it then used to commit fraud.

These fraudulent text messages can also be used to plant a virus on a smartphone or mobile device. When the unsuspecting recipient of the phony message clicks on the given link, a virus is downloaded to the phone or device. Information from the phone or device is then uploaded to the scammer and with more and more people keeping their banking and financial information on their phones/devices, you can see where this can lead.

Earlier this month, the Better Business Bureau warned consumers of identity theft via smishing. Here are some highlights of the warning:

  • Many consumers have their bank account information conveniently at their fingertips through smart phones, but this information can also be turned on consumers by scammers looking to commit identity theft by pretending to be banks or financial institutions.
  • The scam consists of a text message that appears to be an alert from a bank which you may or may not have an account with. The text tells you to verify your account by either following a link on a smart phone or calling a phone number.
  • The details of the scam vary. Banks of all sizes, from local businesses to multi-national institutions, have been targeted by scammers using a variety of messages and techniques.

Recently, also, T-Mobile users have been targets of this kind of id theft.  In an email sent out to users T-Mobile warned:

  • T-Mobile will never ask you to "confirm" or "verify" your sensitive personal information in an unsolicited e-mail. If you receive a suspicious e-mail supposedly sent from T-Mobile:
  • Do not reply to the suspicious e-mail and do not open any attachments. Instead, contact T-Mobile directly and make sure that the e-mail is legitimate.
  • Do not click on any Web links included in the e-mail even if it looks genuine, and do not provide any personal information which the e-mail may request.

I would assume your kids are using smartphones. You should sit down with then and warn them of the dangers of smishing. Stress how official looking these messages can be, and how realistic looking the phony website they are referred to. Stress to them that no cell company, financial institution or social media site will ever ask them in an email to provide or verify or confirm personal information.