Fraud Report: SMiShing Identity Theft
Identity Theft Expert John Sileo’s Latest Fraud Report
Just as you wouldn’t want to give any personal identity information to someone via email, you want to use the same practices via text message. There is a new wave of fraud that tries to trick you with text messages appearing to be from your bank.
According to Wikipedia, SMiShing uses cell phone text messages to deliver the “bait” which entices you to divulge your personal information. The “hook” (the method used to actually “capture” your information) in the text message may be a web site URL, like it is in phishing schemes. However, it has become more common to received a texted phone number that connects to an automated voice response system. One version of this SMiShing message will look like this:
Notice – this is an automated message from (a local credit union), your ATM card has been suspended. To reactivate call urgent at 866-###-####.
In many cases, the SMiShing message will show that it came from “5000” instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, instead of being sent from another cell phone.
Once you take the “bait” and pass on your private information, it can be used to create duplicate credit/debit/ATM cards. There are some documented cases where the information an unsuspecting victim gave on a fraudulent website was used within 30 minutes…halfway around the world.
To minimize your risk:
- Approach all text messages asking for your personal information with a great deal of skepticism (Hogwash, to those in the know).
- Understand that no bank, business or financial institution will EVER ask you to divulge or confirm your personal banking information over email or SMS text message.
- If you have any question at all that the text is legitimate, contact your bank or financial institution directly using a published phone number (on the back of your card, for example).
John Sileo became America’s Top Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about bringing John to your next meeting or event, contact him directly on 800.258.8076.
I usually submit my phishing scams to Phishtrackers(dot)com many seem to get listed in google so others find out about the scam.