The New Hampshire Information and Analysis Center (NHIAC) is reporting a rise in “smishing” attacks targeting NH residents. In recent incidents, fraudsters are luring victims into clicking on a malicious link they receive by text, claiming information they supply will verify vaccination status. Smishing happens when you click on a malicious link and that tricks you into divulging private information or downloading harmful programs onto your mobile device.
Malicious links from smishing attempts will direct you to a fake website where you are asked to supply personal identifiable information, such as a social security number, date of birth or photo of your driver’s license. Any information you give will likely be sold on the dark web and used to commit fraud.
The best way to avoid smishing is to ignore and delete text messages that look suspicious. For text messages that are difficult to distinguish, follow these tips to determine if the text is really a smishing attempt:
- You don’t recognize the sender.
- The message attempts to create a sense of urgency. Phrases like “urgent security alerts”, “you-must-act-now”, “limited time offer”, or “problems with your account” are all warning signs. Financial institutions, government agencies or merchants will never send you a text message asking for your personal information. Also, never share one time passcodes with anyone.
- The sender’s number is not a standard format phone number. For example, rather than 603-xxx-xxxx, the sender’s number may be 5000, which could be an email-to-text number that is commonly used by fraudsters.
Here are some proactive steps you can also take to avoid becoming a smishing victim:
- Don’t store your credit card or banking information on your mobile device. If the information isn’t there, thieves can’t steal it even if they do upload malware to your device.
- If you receive a suspicious text refuse to take the bait.
- Do not respond to the message.
- Do not click on any links.
- Delete the message.
- Report it as spam by forwarding the message to 7726.
- Report it to the Federal Trade Commission at ReportFraud.ftc.gov.