Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

Smishing: Text messaging fraud and how to avoid it

Terri Luttrell, CAMS-Audit, CFCS
February 28, 2023
Read Time: 0 min

Preventing SMS phishing, or "smishing"

A financial institution's guide to smishing scams, why they work, and how to avoid them.

You might also like this webinar, "Proactive measures to protect against check fraud and fraud loss."

REGISTER now

Introduction

Smishing uses trusted SMS messaging platform for fraud

According to the Federal Trade Commission (FTC), consumers lost more than $5.8 billion to fraud in 2021, a 70% increase over the prior year. That represents almost 2.8 million people, setting an annual record.

The rise in fraud and hard dollar losses is often attributed to new fraud trends and complex schemes such as cryptocurrency fraud.  However, simple scams still work remarkably well and can be conducted via personal communication channels such as text messaging. For example, almost all of us can remember receiving something like the following pesky text messages:

  • "Your debit card has been locked; click here to reactivate."
  • "Missed delivery from UPS; call now to receive your package."
  • "Your bank is closing your account. Please confirm your PIN immediately."

Text messaging has become an effective fraud platform because the messages quickly grab your attention and instill a sense of urgency to act. The more straightforward the message, the more likely readers will take it seriously. While consumers have become accustomed to phishing emails and generally understand not to click on unsolicited links or open attachments, the text messaging platform is still considered trustworthy. Friends, family, and reliable institutions use texts to communicate, not criminals, right?  Unfortunately, this is not always true. In 2021 the FTC logged 378,119 fraud complaints about unwanted text messages, including fraud attempts. This type of fraud is referred to as smishing or SMS phishing.

Smishing uses social engineering to get personal information via text messaging. The fraudster sending smishing messages impersonates someone with authority, such as a government agency or financial institution.

Avoiding fraud

How to identify a text scam

The following are a few things to look for to avoid becoming a victim of smishing:

Check the phone number: Legitimate text messages come from phone numbers ten digits or less. If you receive a text from a number with more than 11 digits, it’s safe to assume the text is a scam and delete it without responding.

Be cautious with clickbait: If a sender tries to get you to reply to a text with information, click on a link, or call a number, it could be a scam. Just as you would with email phishing, ask the institution or person about the message in person or on a phone call to their primary number. If the news comes from a completely unfamiliar sender, delete the text and report it as spam.

Verify family crisis texts: Receiving news of a family emergency is alarming. If you received a text from a family member asking for help, you would naturally want to come to their aid. But family crisis text scams trick recipients into thinking a family member is in danger and that they need to send money immediately. If you receive a family crisis text from a number you don’t have saved, confirm with another trusted family member before responding.

Avoid text refund scams: Smishing can occur when recipients receive a message saying they've been overcharged for a service and offering to refund them if they provide their banking information. Be sure to only send banking information through secured and verified means.

Be skeptical of prizes: Scammers have many creative ways to get personal information. One of these is offering random prizes, including cash and material goods. Redeeming the prize requires giving your bank details or other personal information. A typical example of this is the Walmart text scam, so if you suddenly receive a "prize” from a contest or sweepstakes you don’t remember applying to, be wary.

Double check texts from your employer:  A report by the cybersecurity company Proofpoint found that 81 percent of organizations surveyed faced smishing attacks. According to the Credit Union National Association, the most common example is when someone impersonates an employee's boss, asking the employee to buy gift cards and forward the numbers and codes via text. When in doubt, call your boss to verify the request before fulfilling it.

Be ready for AMLA-related changes. This checklist can help.

Keep me informed Download

Conclusion

Recommendations for front-line staff

Financial institutions can help prevent smishing by letting their customers know what to expect from them in text messages and helping them understand what means of communication they will use to verify customer information. Add current fraud trends to your institution’s AML risk assessment and plan your fraud mitigation processes with smishing risk in mind. Front-line staff who encounter customers transferring funds for a suspicious-sounding purpose should be ready to ask questions that prevent smishing fraud.

Smishing risks will differ among institutions based on size, location, and client base, but each institution must be able to justify implemented controls to their banking regulators. As more and more customers use smartphones, smishing will continue to be a risk, so understand how to detect and prevent fraud schemes before they become hard dollar losses.

Stay up to date on AML/CFT and fraud trends with more professional development.

 

We can help you navigate changing AML/CFT and fraud regulations. Abrigo's BSA and AML software can help you manage customer or member relationships and stay compliant. Talk to a specialist to learn more.
About the Author

Terri Luttrell, CAMS-Audit, CFCS

Compliance and Engagement Director
Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size.

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.