In the past few years, a new type of cyber threat known as “smishing” has emerged, targeting individuals through fraudulent text messages. These scams have become increasingly sophisticated, with cybercriminals impersonating legitimate organizations to steal personal information and money. A common example is the fake tollway balance SMS scam, where victims receive messages about unpaid tolls or a depletion of the funds in their tollway pass account. Understanding the rise of these attacks, recognizing the signs of a smishing scam, and knowing how to protect oneself are important in today’s digital landscape.
The Rise of Smishing Attacks
Smishing, a blend of “SMS” and “phishing,” entails scammers sending deceptive text messages to lure recipients into disclosing sensitive information or clicking on malicious links. The increase in smishing attacks is alarming. In 2020, there was a 328% rise in smishing incidents, resulting in Americans losing over $86 million to these scams. This trend persisted in 2021, with a 700% surge in smishing attacks during the first half of the year, affecting 74% of organizations. By December 2023, more than 19 billion spam SMS messages had been dispatched in the U.S. alone, averaging 19 messages per individual.
The Fake Tollway Balance SMS Scam
A notable smishing tactic involves fake tollway balance messages. Victims receive texts claiming they owe money for unpaid tolls and urging them to make immediate payments to avoid penalties. These messages often contain links to fraudulent websites designed to steal personal and financial information. For instance, Illinois residents have reported receiving texts about unpaid I-PASS tolls, which the Illinois Tollway has confirmed are scams.
Recognizing Smishing Scam Texts
- To protect yourself, it’s crucial to recognize the signs of a smishing attempt:
- Unsolicited Messages: Be wary of unexpected texts, especially those requesting personal information or immediate action.
- Urgent Language: Scammers often use urgent language, threatening fines or account suspensions to push for quick responses.
- Suspicious Links: Avoid clicking on links from unknown senders. Hover over the link to preview the URL; if it doesn’t match the official website of the claimed organization, it’s likely a scam.
- Request for Personal Information: Legitimate companies typically don’t ask for sensitive information via text messages.
Steps to Take if You Receive a Smishing Text
- If you receive a suspicious text message:
- Do Not Engage: Avoid replying, clicking on links, or providing any personal information.
- Delete the Message: Removing the text message reduces the risk of accidental interaction.
- Report the Scam: Forward the message to your mobile carrier’s spam reporting service (often 7726 or “SPAM”). Additionally, file a complaint with the Federal Trade Commission (FTC) at https://reportfraud.ftc.gov/.
- Monitor Financial Accounts: Regularly check your bank and credit statements for unauthorized transactions.
Protecting Yourself from Future Smishing Attacks
- To protect against smishing:
- Enable Spam Filters: Turn on your phone’s spam filtering features to block potential scam messages.
- Use Security Software: Install trustworthy security apps that provide phishing protection.
- Be Skeptical: Treat unsolicited messages with caution, especially those asking for personal information or urgent action.
- Educate Yourself and Others: Stay current on common scam tactics and share this knowledge with friends and family.
Conclusion
Smishing is an increasing threat in our digital world. By remaining informed and vigilant, we can safeguard ourselves and our personal information against these harmful schemes. If you would like to learn more about further training for your employees on how to detect and react to phishing and smishing attacks, contact us. We’ll be glad to help.
