Just as fraudsters send email phishing scams they also try to elicit payment information through text message scams, a practice referred to as SMiShing. These scams continue to target consumers en masse imitating well-known and established brands, but recent attacks have also targeted specific regions impersonating local credit unions and financial institutions.
These text message scams come in many forms but similar to a phishing email they are designed to trick consumers into visiting a link, calling a number or some other activity that will ultimately lead to the victim’s personal information being compromised. The tactics often mimic that of phishing emails where the bait is sent to thousands, if not millions, of potential victims knowing only a small percentage will bite, only the scam is delivered via SMS text message, hence the name SMiShing.
With the growing popularity and ownership of smartphones many fraudsters target these device owners with SMiShing scams that trick the victim to visiting a malicious link. This link may install mobile malware when clicked or, in the case of a recent scam impersonating Walmart, bring the victim to a web page where they provide their payment credentials directly to the fraudster. In this recent SMiShing scam victims received a text message claiming they won a Walmart gift card but they needed to use the link provided and enter personal information to claim the prize. While this scam likely duped many victims Walmart was quick to respond posting information about it on their website and ensuring consumers that the text messages and site they linked to are not operated by or affiliated with Walmart. While many consumers would disregard such text messages as a con anyway, informing and warning consumers of the scam impersonating Walmart was a necessary move to protect future potential victims as well as the company’s brand and image.
Generally phishing and SMiShing scams impersonate large, nation-wide and multi-national brands so the fraudsters can send the fake messages to a broader audience. A recent SMiShing scam, however, was only targeted at consumers in the panhandle of Texas as the scam impersonated regional financial institutions. Potential victims received a text message purporting to be from one of a few regional banks or credit unions saying that their ATM card had been deactivated. The message provided a phone number with a Texas area code for the victim to call and provide their ATM card number and PIN to reactivate their card, of course the ATM card was never deactivated and the victim would be giving their card number and PIN directly to the fraudsters. This regional SMiShing attack may only be an isolated incident, or it may signal a new trend of fraudsters concentrating more specialized and regional attacks rather than more generic scams delivered on a larger scale.
For more information: