top of page

SMiShing Scams Target U.S. Area Codes Utilizing Location-Specific Information

Phishing scams carried out via SMS text messages, known as SMiShing, continue to grow and target mobile users in the United States. Cloudmark, a messaging security software provider, recently cataloged the top 25 U.S. area codes that receive the most SMS spam and detailed various SMiShing scams targeting different regions.

It is estimated that spam text messages exceeded 16 billion per month worldwide, but in the United States Florida, California and Texas are the most targeted states as the top six U.S. area codes for most text message spam are areas codes in these states. The common types of text message spam and scams that are sent vary by the region and also vary in their level of risk. For example, South Florida area codes are targeted by low risk spam, mainly organizations that buy junk cars. In North Carolina, San Antonio, Texas and Cincinnati, Ohio, however, SMiShing scams targeting banking credentials are most prevalent.

In many cases the fraudsters are targeting specific area codes hoping to catch more customers of a particular financial institution in that area. For example, in San Antonio mobile users are targeted with text message phishing attacks purporting to be from Generations Federal Credit Union, which is based in the area. Using the publicly available BINs (Bank Identification Numbers), which are the first six digits of a payment card number identifying the card brand, issuer and other information, the fraudsters were able to make their SMiShing scams appear more convincing. In this particular attack the message stated “Your card starting with XXXXXX has been compromised,” then prompting the recipient to click a link or call a number with the ultimate goal of obtaining their account information.

Similar attacks targeted consumers in Cincinnati and Cleveland, Ohio posing as Fifth Third Bank and Key Bank, where the respective banks are headquartered. SMiShing attacks like these are sent to all phone numbers in the area code, but the idea is that a decent percentage of the recipients will actually be customers of these financial institutions. According to a research analyst at Cloudmark, fraudsters are going as far as to copy the recorded messages a customer will hear when they call their bank to play for the SMiShing victim when they call the bogus phone number provided in the scam text message.

While most tend to associate phishing scams with email, attacks coming via text messages and other methods are prevalent as well. Consumers have to be on the lookout to protect themselves against attacks coming from many channels including email, phone calls and text messages, while organizations need to inform and educated customers on attacks that are targeting their brand.

For more information:


bottom of page