Internet scam artists are moving beyond your email inbox and targeting your text messages instead. With this new scam, called "smishing," scammers are trying to get you to send them your personal information that could help them access your bank account or other online profiles.
Here's what you should know.
What are smishing scams?
"Smishing" scams are so named because they're like a phishing email, except sent via SMS, the technology underlying the typical text message. They often prey on people's panic or sense of urgency, according to Jason Hong, associate professor at Carnegie Mellon University's Human-Computer Interaction Institute. For example, one fraudulent message might appear to be a warning from your bank about an unauthorized charge.
"That's one of the main ways they try to trick you," says Hong. "There's an urgency to the message. There's something that needs your attention right now."
How can you avoid smishing scams?
Hong says you should make sure to use different passwords for everything from your bank's website and social media apps to your email account. Two-factor authentication and password managers like Dashlane and 1Password can also be useful. And in the hypothetical case outlined above, you should call you bank or credit card company directly to verify the alert, rather than clicking any links in suspicious text messages.
Unfortunately, there's no foolproof way to block smishing messages entirely, says Steve Wicker, a computer engineering professor at Cornell University. Wicker says the best course of action is to be vigilant for suspicious text messages, just like you should watch out for strange emails. One tip: Look out for text messages from phone numbers that clearly appear fake or suspicious.
Another warning: Wicker says some scammers may be able to make their messages look like they're coming from a person you know and trust. So if you get a weird message from a friend, it's a good idea to call them back on the phone and check if they actually sent the text.
Why are scammers using smishing scams?
Scammers could have one of several motives, Hong says. They could be trying to steal a victim's identity, to access their bank account, or to blackmail them into giving out personal or company secrets.
"That's where the money is," Hong added. "People are getting more suspicious of emails. Companies like Google and Yahoo are getting better at detecting fake accounts and shutting them down. So the next easiest thing for [a scammer] to do is to go to mobile."
Is smishing a new phenomenon?
Smishing scams have been around since as early as 2008, but experts say they are becoming more prevalent. They're also popping up on all sorts of messaging apps, not just simple text messages.
"This is impacting all systems in the mobile arena, it's not just limited to one system," says William Beer, who works on cybersecurity matters for professional services firm EY, previously known as Ernst & Young. "There's never 100% security on any app, whether they be desktop or mobile."