The threat of scam text messages may now seem distant, even quaint. With all the new, exotic and sophisticated attacks that have arisen in the past decade, surely text message attacks are low on the list. But, they can still be a big problem. 

Short message service (SMS) scams are social engineering attacks that work like email phishing attacks. Called ‘smishing’ (a portmanteau of SMS and phishing), the attacks aim to trick the victim into providing information or access that benefits the attacker.

Current SMS Scam Tactics

One of the more effective and modern variants of scam text messages alert users of a new, incoming package delivery. Upon replying, the scammer harvests personal information for identity theft, monetary theft or the theft of company information. In one specific variant, the text directs victims to a website and offered a small gift (like a wristwatch) in exchange for participating in a survey. They’re asked for credit card information to cover shipping, and, of course, the credit card information is stolen. 

Another scam text message campaign pretends to come from banks. It tricks victims into divulging their banking credentials. Once they’ve done so, the Emotet malware infects their machines. 

Yet, another scam threatens the victim with violence if they don’t pay. These are different approaches to the same aim: all are designed to extract information from the target for nefarious purposes. What they all have in common is that they all want you to do something, like visit a website, click on a link or take some other action.

Other scam text messages reference food aid, jury duty, a mobile carrier, a bank, COVID-19 or human trafficking. It doesn’t always help to understand the specific content of text attacks that have already happened, though. Future attacks will be designed to surprise you with brand-new content. 

Why People Fall for Scam Text Messages

Scammers are engaged in a back-and-forth fight with smartphone users as part of a larger arsenal of mobile scam techniques. And, they have two advantages. First, they leverage techniques that are the result of an evolutionary process of learning how to scam people. Next, victims aren’t aware that the conflict is even taking place. 

The first step in social engineering is a misdirection: to excite the mind of the user and get them thinking about something emotional to disarm whatever skepticism they may have. 

For example, “You’ve got a package!” “There’s a problem with your bank account!”  

Another variation on this theme is to tap into a concern you already know people are thinking about. That’s why the people who send scam text messages love upsetting current events. Wildfires! Pandemics! Politics! Crime! Missing persons! By referencing current events, scammers are hoping to route around your defenses and get you to click or act.  

What To Do About Scam Text Messages

Protecting against scam text messages is an important component of application security, mobile phone security and mobile data protection. Use training and awareness to inform people to: 

  1. Never respond to any messages in the way they invite you to. If a message says it’s from your bank and asks you to click on a link, call the bank. If a delivery service asks you to confirm delivery, go to the website you ordered from and do it from there.
  2. Don’t be fooled by personalization, branding or messaging that looks legitimate. Fake branding is one of the main ways scammers trick people.
  3. Here’s how to report a scam text: check out the options on the FTC website

Don’t be lulled into thinking that scam text messages are yesterday’s threat. In fact, text scammers are evolving, learning and changing. Train your staff to recognize, handle and report scam text messages and expect the unexpected. 

More from Endpoint

Deploying Security Automation to Your Endpoints

Globally, data is growing at an exponential rate. Due to factors like information explosion and the rising interconnectivity of endpoints, data growth will only become a more pressing issue. This enormous influx of data will invariably affect security teams. Faced with an enormous amount of data to sift through, analysts are feeling the crunch. Subsequently, alert fatigue is already a problem for analysts overwhelmed with security tasks. With the continued shortage of qualified staff, organizations are looking for automation to…

Threat Management and Unified Endpoint Management

The worst of the pandemic may be behind us, but we continue to be impacted by it. School-aged kids are trying to catch up academically and socially after two years of disruption. Air travel is a mess. And all businesses have seen a spike in cyberattacks. Cyber threats increased by 81% while COVID-19 was at its peak, with 79% of all organizations experiencing a loss of business operations during that time. The risk of cyberattacks increased so much that the…

3 Ways EDR Can Stop Ransomware Attacks

Ransomware attacks are on the rise. While these activities are low-risk and high-reward for criminal groups, their consequences can devastate their target organizations. According to the 2022 Cost of a Data Breach report, the average cost of a ransomware attack is $4.54 million, without including the cost of the ransom itself. Ransomware breaches also took 49 days longer than the data breach average to identify and contain. Worse, criminals will often target the victim again, even after the ransom is…

How EDR Security Supports Defenders in a Data Breach

The cost of a data breach has reached an all-time high. It averaged $4.35 million in 2022, according to the newly published IBM Cost of a Data Breach Report. What’s more, 83% of organizations have faced more than one data breach, with just 17% saying this was their first data breach. What can organizations do about this? One solution is endpoint detection and response (EDR) software. Take a look at how an effective EDR solution can help your security teams. …