A new cyber-scam called “smishing” is targeting unsuspecting victims, costing them money, time and peace of mind.
Smishing is like “phishing,” but criminals use text and SMS messages to defraud victims instead of emails.
“Everybody is at risk,” Trend Micro Vice President of Cloud Research Mark Nunnikhoven said. “Anybody with a cell phone is a potential victim."
Cyber-criminals are after everything from your password to social security number. According to security experts, the crime first surfaced around 2006 but has recently started growing.
"With a phishing email we’ll see a broad attack campaign by a criminal sending out a mass of emails because email is essentially free," Nunnikhoven said. "There is a bit of a cost for these attackers, they have to pay for these text messages, but that cost has dropped a lot in the last few years, which is why these attacks are on the rise."
Security experts say smart phone users should watch out for text messages from unknown numbers. Do not click on links or download apps sent to your from a text message without identifying the source.
"They are going to try to target people in specific area codes or people who have shared their information with a site they have already hacked so they can get more information," Nunnikhoven said. "If they know you are interested in a concert or shopping experience they will be able to write a much better text message to lure you in.”
Once you click and take the bait, your personal information is up for grabs. According to experts, this crime can cost you a lot in the end.
“The challenge is proving it and capturing somebody," Nunnikhoven said. "This is an attack that happens at scale and normally happens through digital means so not only through SMS message, but the criminal gets you to go back to their website somewhere in the world."
If you believe that you have been smished, hang on to that initial text message and screen grab it. Send it to your financial institution or your local police department, along with a written statement of everything you did and the link you accessed.