Smishing scams are like clockwork this time of year. That’s because lots of people are
waiting on items they’ve ordered on Amazon Prime Day, and sales events at Walmart, Best Buy,
In the last few years, smishing incidents have more than doubled.
The FBI’s cybercrime complaint division said that in 2020, over 240,000 people lost a combined $54 million due to smishing, and phishing scams.
Smishing is a combination of SMS, as in texts, and phishing, those scams that try to trick you
into sharing information in an email.
You’ve probably already seen one come through your inbox. They look legit, notifying the victim
that a package they’ve ordered can not be delivered. It might even have “USPS”, “UPS”,
“FedEx”, or “Amazon” in the message or address. A smishing text will usually either ask you to
respond with a “yes”, or include a link to confirm your location.
If you reply with “yes”, you’ll get another text with a link. Two things can happen if you click it. It
might ask for personal information or lead you to log into your Amazon or other account. It might even look exactly like the Amazon login page. Or, maybe worse, a click could install malware on your phone, steal data on the phone, or even hijack your account.
Pretty nasty stuff. This can happen even on an iPhone. Recent updates from Apple have been to patch zero-day security vulnerabilities, meaning hackers were already using the vulnerabilities to hack into iPhones.
You should delete the smishing text, but before you do, forward it to the FCC, by simply
holding down the message, tapping “More” and forwarding to “SPAM”, then reporting it to your carrier by marking it as junk.
If you’re expecting a package, go to your account page where you ordered it from to see if
there’s a delay. And tell your kids too, another report shows most millennials are unfamiliar with
the term “smishing”.