Have you gotten a text message, like the one pictured below, from USPS lately saying you have a package waiting for you and you aren’t sure what they are talking about? You’re not alone, there have been a lot of people receiving these text messages and it is not actually USPS. These texts are what is known as a Phishing—or Smishing—attack. If you follow the link the text provides, it takes you to a website and will have you enter your personal information for scammers to use. This is just one example of how scammers will use text messages and email attacks to try to steal your identity and they come up with new ways every day.
What is Phishing & Smishing?
Phishing is the term used for fraudulent emails sent to people in an attempt to steal passwords, social security numbers, bank accounts, and other personal information. Smishing is using text messages instead of emails for the same outcome. Some examples of popular messages include:
- Claiming free items such as gift cards, money, prizes, and coupons
- Credit cards or loans with low or no interest
- Claiming they have noticed suspicious activity on your account
- Telling you there is a problem with your payment information
- Sending you a fake invoice and give a link to contact them if you didn’t authorize the purchase
- Letting you know there is a package waiting for you
These messages will take you to a website where you will enter your personal information and scammers will use it to steal from you or sell your information. These scammers can also use these to install malware onto your computer or phone.
What should I do about Spam Messages?
The first thing you need to do is recognize that it is not a true message. Before you follow any links or enter any personal information, ask yourself these questions:
- Were you expecting this message? If you weren’t, don’t click on any links it provides. Call the company using the phone number on their website or the phone number you know.
- Does the message call you by name? Phishing messages often won’t use your name but will address you by something generic such as “Hello Dear”. The company will use your name if it is a legitimate message.
- Do you have any relationships with this company? If you are getting a message from Netflix saying your payment declined but you don’t have an account with Netflix, it is likely fraudulent.
If you believe the message is fraudulent, don’t click any links or enter any information. Report it immediately using one of the following methods:
- Report it on the messaging app you are using
- Forward the message to 7726 (SPAM)
- Report it to the Federal Trade Commission (ftc.gov/complaint)
Protect yourself against these emails and text messages by:
- Blocking messages on your phone
- Contacting your wireless provider and ask if they can block the messages for you
- Installing a call-blocking app on your phone
- Protecting your phone by always installing the latest software
- Installing security software on your computer
- Using multi-factor authentication for your accounts online—this makes it harder for scammers to get into your accounts because it requires a password and something like a fingerprint, face scan, or code sent to a trusted device, to log you in.
- Backing up your data—always back up your data onto a cloud or external hard drive so you don’t lose information if your device crashes.
If you think you gave sensitive information to a scammer go to IdentityTheft.gov to find out what you gave them and what to do next.
The most important thing to remember is to think before you click! If you are ever unsure of a message, we are happy to help. Call any of our bank branches and one of our friendly Personal Bankers can assist you in determining if it is real or fake. Scammers are trying new things every day and are getting increasingly better at making messages look real, so always be cautious of messages asking for information and messages you weren’t expecting.