Scams spread by text messages accounted for $330 million in reported US consumer losses last year, according to a Federal Trade Commission report released Thursday.
That’s more than double the losses of the year before and marks a fivefold increase since 2019, the FTC says. It added that text scam reports started spiking during the first six months of the COVID-19 pandemic and haven’t fallen back to their previous levels since.
Cybersecurity researchers say they’ve also noticed a rise in these kinds of scams. Dubbed smishing, a contraction of SMS and phishing, some texts are clearly spammy. They tout obvious bait such as energy-boosting supplements, cash prizes from major retailers or CBD gummies in new flavors. Some are more subtle, masquerading as COVID test results, shipping notifications or alerts for online payments that didn’t go through. Either way, they’re dangerous.
The vast majority of phishing attacks — attempts to grab personal data from unsuspecting consumers — still come by way of email. Cybercriminals, however, are increasingly taking advantage of distracted consumers who are rarely without their smartphones to bilk people out of their logins and passwords, credit card or other financial information, or even access to their corporate networks.
As part of its study of the 2022 reports, the FTC also analyzed a random sample of 1,000 scam text messages and found that many of them attempted to impersonate well-known businesses.
Specifically, the most common type of scam text were those made to look like fraud alerts from well-known banks. The texts create a sense of urgency, telling the recipient they need to verify a large transaction by tapping on an included tiny link. Those who do respond are connected to fake bank workers.
The use of fake-bank texts has jumped twentyfold since 2019, the FTC says.
Other text scams often reported to the FTC include messages claiming to offer a free gift, often from a wireless phone carrier or retailer, messages pretending to be from UPS or FedEx saying there’s a problem with a package delivery, along with bogus job offers and fake Amazon security alerts.
Tips on avoiding SMS scam messages
Be on the lookout for suspicious messages. Don’t click the links inside a suspicious text or otherwise engage the sender. Instead, report the message by forwarding it to 7726 (SPAM). If you think a link might be legitimate, go directly to the company’s website instead of clicking on the included link.
Don’t mess with the scammers. Some people like to mess with the people behind the scams by texting them back and leading them on. This is a very bad idea. If nothing else, it lets the scammer know that you’re a real person. But don’t worry if you open up a scam text on your phone. Unless you click on a link or download an attachment, you’re not in danger of being hacked.
Think before you hand over your number. Retailers and other companies love to collect them, but do they really need yours? Like your email addresses, if your phone number is in a company database that gets hacked, it’ll likely end up sold to cybercriminals for use in these kinds of attacks. Just like the rest of your personal information, the fewer people who have it, the better.
Keep your private info private. Never provide personal or financial information in response to an SMS request.