Holiday Text Messaging Scam Awareness

Information Security Awareness Moment: 

As you plan your holiday shopping activities, please be mindful that it is possible to receive scams via your phone through text messages. You are more at risk if you use your phone for online shopping with an online wallet or other financial transactions and tracking.

Text scams, known as “smishing”, are among some of the most common tactics scammers use to steal personal information. Last year, scammers sent out 87.8 billion spam text messages and defrauded victims of over $10 billion. If you receive a suspicious text, don’t respond, click on links, or call any numbers. 

 Scammers implement numerous types of text message scams, but they all follow a similar pattern.

  1. You receive a text message from an unknown or “spoofed” number. Scammers use technology to disguise themselves to make it appear they are messaging you from a business or a person you know, such as Amazon, Apple, or the IRS. 
  2. The message may create a sense of urgency to motivate you to act quickly. An Example would be to claim that your bank account has been closed or that you’ve won a free gift. 
  3. The scammer will attempt to get you to either respond, click on a link, or call a number. 

 Text scammers typically have three goals in mind. 

  1. Convince you to click on a link that will download malware onto your device. Once infected, hackers can spy on your activity, steal your passwords and sensitive information, or lock you out and demand a ransom. 
  2. Direct you to phishing sites that steal your personal information. False links may also direct you to fake websites designed to steal your passwords, credentials, or credit card numbers.
  3. Prompting you to call them. Once you’re on the phone, scammers can ask you to “verify” personal information, like your social security number and banking information, or target you with other social engineering attacks.

Any of these actions can result in immediate and long-term financial loss or identity theft.

In general, fake text messages are mostly harmless unless you choose to engage. However, they’re also an early warning sign that you could be at risk for further scams. Here’s what you can do to protect yourself from text message scams.

  1. Never click on links in unsolicited text messages. Scammers use links to infect your phone with malware and send you to fake websites that steal your information. Never click on a link in a text message unless you’re sure the sender is legitimate. 
  2. When in doubt, contact the company, agency, or individual directly. Scammers can impersonate a wide range of entities spanning from your bank to your boss. If you receive a text message that you're unsure if you should act on, contact the person or organization directly first to make sure it’s legitimate. 
  3. Regularly check your credit report and bank statements. Text message scams are almost always after access to your financial accounts. Be on the lookout for warning signs of identity theft such as strange charges on your bank statement or accounts you don’t recognize. 
  4. Remove your contact information from data broker lists. Scammers can buy your contact details from data brokers. Unfortunately, there are hundreds of data brokers in the US alone. 
  5. Consider signing up for identity theft protection. 

 Here are a few examples of types of text message scams you should be on the lookout for.

  1. Missed delivery notification scam texts from UPS or other delivery vendors
  2. “Is this you” messages purporting to be from a friend or colleague 
  3. Text scams claiming that your bank is closing your account
  4. Texts claiming that you’ve won a prize or sweepstakes
  5. Texts claiming that your debit or credit card has been locked
  6. Text messages supposedly from the IRS or other government agencies
  7. Text messages from your own number
  8. Texts claiming that your payment for a subscription service didn’t go through (Netflix, HBO, etc.)
  9. Texts about purchases you didn’t make (fake fraud alerts)
  10. Two-factor authentication (2FA) scam text messages

 

Support

If you have questions or need assistance, please contact the ITS Service Desk at service@sfsu.edu or 415-338-1420.