Learn
Scam Alert: Smishing
Smishing isn't a new dance craze or cooking technique — it's a type of cyberattack. Smishing isn't a new dance craze or cooking technique — it's a type of cyberattack. But with so many similar-sounding scam names like skimming, vishing and phishing floating around, it's hard to keep up with what each one means.
Here we'll explain what smishing is and how it works. More important, we'll outline how you can protect yourself from smishing attacks — and what to do if you think you've been targeted.
What is Smishing?
The term smishing is a mashup of the acronym SMS, which stands for short message service (the industry lingo for text messaging),1 and phishing, a type of internet fraud that involves tricking you into responding to a fake email.2
Smishing is a type of phishing that uses text messages to try to dupe you into sharing personal financial information like your password, bank account, or credit card number.1
Did you know? Smishing scammers play on your fears and your trust.
How Smishing Works
You get a text message that looks like it's coming from some sort of official source. For example:
- You get a text that seems to be from your bank, warning you that there's a problem with your account requiring immediate attention.
- You receive an ominous threat of a fine or legal action from what appears to be an official government agency.
- An organization that sounds slightly familiar announces you've won a gift card in a drawing you don't recall entering. The message asks you to text back or call, and then you're required to submit personal information to “verify" your identity.
- In another twist, a scammer posing as a charity may invite you to send a text to a code number to make a donation that cyber thieves end up collecting.
Smishing scammers play on urgency, fear and authority. 1 They're also counting on you to trust a text message sent to your personal cell phone number and not think twice about responding.
How to Recognize Smishing Attempts
- Use caution when responding to text messages. When you get any text message that claims to come from a financial institution — or asks for personal or sensitive information — examine it carefully before you hit “reply."
- A red flag is when the number that shows up on your cell phone screen doesn't look like a phone number at all. For example, if the sender's number appears to5-6 digits, like 5000, instead of a normal 10-digit number, that's a tip-off the message was sent via email and not from another cell phone. That's one way hackers hide the source of fake messages.
Even if a text looks like it's coming from a trusted source, you should still be wary if it asks for passwords, authentication codes, or other personal information. The reason: spoofing. That's when a scammer makes it look like a phone call or text is coming from a number other than where it's really coming from.3
Again, the best course of action is to refrain from responding by text and instead call the company directly using the customer service number listed on their website.
Due to the recent increase in smishing attacks, some banks opt not to use text messages at all with their customers. Check to see if your bank has a written policy on text messaging. Even if your bank does use text messaging, it will not ask for personal financial information via text. If your bank does send text messages, make sure you find out directly from the bank itself what phone number it uses to do so.
What to do If You Suspect Smishing
If you have any doubt about whether a text message is real, contact your alleged sender's customer service department using the number listed on the company's official website or materials.
Whatever you do, don't call the number provided in the text message, and don't click on any link embedded in the message. Clicking on a link could cause your mobile phone to become infested with malicious software and allow cyber criminals to steal your personal information.
How to Report Smishing Attacks
If you realize you've been on the receiving end of a smishing attack, report it to your cell phone company and file a complaint with the Federal Trade Commission.4
You can also report smishing scams to any government agency, retailer, or other organization that the hacker was impersonating.
Terms like smishing may sound silly, but the financial harm that can result from smishing and other cyberattacks is quite serious. Shield yourself with a healthy dose of skepticism when seemingly official sources are sending you text messages and asking too many questions.
Read more tips for financial safety and security
Consider Signing Up for Credit Monitoring
Does remembering to regularly scan your credit report sound exhausting? Another option: Choose a service that will do the credit monitoring for you.
For example, as a Synovus Plus, Synovus Inspire, or Synovus Private Wealth customer, you can enroll in complimentary Financial Protection Services services through Carefull. Depending on the level of protection you have, Carefull will monitor your credit reports and notify you any time any changes are made. Carefull will also scan the web to make sure your personal information hasn't been compromised by checking websites, blogs, peer-to-peer networks. Carefull also offers full-service identity restoration if you become a victim of identity theft.
Learn more about how you can achieve peace of mind as a Synovus customer with Carefull.
Important disclosure information
This content is general in nature and does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.
- Digital VA, "Smish, SMish! Don’t get phished," accessed July 29, 2024. Back
- Federal Trade Commission Consumer Advice, "Phishing Scams," accessed July 29, 2024. Back
- Federal Communications Commission, "Caller ID Spoofing," published March 7, 2022. Accessed July 29, 2024. Back
- Federal Trade Commission Consumer Advice, "How to Recognize and Report Spam Text Messages," July 2022. Accessed July 29, 2024. Back
People are also reading
Do you have questions or ideas?
Share your thoughts about this article or suggest a topic for a new one