As email scams become easier to spot, scammers are starting to resort to new ways to attempt to access your personal data. While they might come via your phone, the tactics and objectives of text message scams are nearly identical to email phishing scams. If you want to understand how to identify and avoid scam text messages, read on.

What is a text scam?

Text scams or Smishing are any fraudulent text messages sent by scammers in an attempt to access personal or financial information from a victim. Also known as smishing scams (SMS phishing), these messages will often come from sources impersonating government agencies, banks, companies, or even individuals you might know.

How to identify a fake text message

While it’s less common to receive scam text messages than email-based phishing attacks, they can be harder to spot given the very different format of texts. There are a few key ways to identify these attacks:

  • You receive a text from an unusual phone number. Most text messages will come from a number using either 10 or 6 digits. Spam text or scammers sending text messages will often have numbers with 11 digits, so it’s an easy thing to check before even opening a message. If in doubt, look up the number online.
  • The text message includes a suspicious link. Scam text messages with links are a very common tool used in phishing scams. Any text asking you to follow a link should be treated with caution
  • The message contains bad grammar. Bad spelling or grammar is usually a good sign that it may be scammers sending text messages to you.
  • You receive a message saying you won something. If you receive a message saying you won something (especially from a contest you didn’t enter) you probably won a big pile of scam. Don’t click any links from sources you don’t recognize.

Examples of scam text messages you should avoid

Common scam or spam text messages examples include fake contests, “urgent” financial problems, or even package deliveries. Be wary of anything that asks you to visit a suspicious link or provide personal details. See some common examples below:

  • Congratulations! You’ve won our grand prize. Go to [link] to claim now! Even if you did enter a contest, it’s best to try to contact the company directly before clicking any links in text messages.
  • Your tax refund is pending acceptance. You must verify your bank details within 24 hours at [link] Text messages from the ATO or other taxation offices are almost always going to be scam text messages. Legitimate government agencies will likely contact you by mail, and will not ask you to provide additional personal details.
  • Your Google account will expire later today. Please verify your login details at [link] to prevent your account being deleted. Text messages asking you to verify other accounts are extremely suspicious. Companies with these accounts are unlikely to ever message you asking for these details.
  • Hello, your package with tracking code PP-22611Z-20 will be arriving later today. Please confirm your delivery address at [link]. Even if you’re expecting a delivery and have text updates enabled, links asking to verify personal details are a dead giveaway for phishing text messages.
  • EMERGENCY your grandson was injured in a car crash last night and needs money for immediate treatment. Please send $2000 to [link] While receiving messages about family members in crisis can be alarming, the best approach is to first try to reach out to them directly.

How can I avoid text message scams?

Tips on avoiding scam or phishing text messages line up pretty neatly with the same advice for avoiding phishing emails. If it seems odd, don’t click any links, delete it, and move on.

  • Don’t reply to any unfamiliar messages: Any reply to a spam text message will let the scammers know they’re in contact with a genuine number. Even replying means that your number becomes a hot commodity, and may be sold to other scammers.
  • Don’t click on any suspicious links: Link masking and shortening has made it difficult to immediately spot suspicious links, and any harmful links can instantly install harmful malware on your phone.
  • Don’t share any personal information: Don’t ever send any personal information or passwords to unsecured or unencrypted locations. That includes SMS, even to people you trust!
  •  Use your phone’s spam filtering: Modern phones come with the ability to scan suspicious numbers and spam text messages automatically.  Turn yours on now.

 What do I do if I receive a scam message?

If you receive a scam text, the best practice is to deal with it efficiently. 

  • Analyze the situation: There’s no need to respond instantly, especially if you think something might be up. Remember that most breaches occur due to human error! Check for the red flags listed above, and don’t succumb to a confused, rushed response.
  •  Delete the scam text message: Send it off into the digital ether. Take a screenshot if you’d like a record, but don’t reply, click on any links or keep it around in your inbox any longer than you need to.
  • Report the message: Report and block the number directly with your service provider and ACCC's Scamwatch

Summary

While smishing scams remain less popular than other forms of cyber attacks, they’re still more common than you might think. Thankfully, they’re easy to spot with some thought and education on best practices. Be on the lookout for suspicious senders, links in text messages, and strange requests for personal data. If you’re concerned about scam text messages impacting you or your business, please don’t hesitate to contact us or request a demo from Phriendly Phishing.