Smishing Scams: 7 Steps to Avoid Becoming a Victim

We love our cell phones. They connect us to everything, and we can’t do without them.

Unfortunately, scammers are trying to take advantage of our reliance on this hand-held technology.

Regions Bank warned about an uptick in smishing attacks back in Feburary. Smishing occurs when a fraudster sends you an SMS/text message asking you to provide sensitive, personal, and/or financial information via a web link and false website, or via a telephone number. There is often also a sense of urgency in the message to get you to act quickly without much thought. Both the Federal Trade Commission and the FBI have sent out alerts. Yet the problem has only gotten worse as scammers send messages that tend to look like they are from your bank, urging you to take action immediately.

“The financial services industry has experienced a rise in smishing scams,” said Jeff Taylor, head of Commercial Fraud Forensics at Regions Bank. “Fraudsters convince a victim to provide their personal information by impersonating a bank or other trusted partner.”

Why are smishing scams working? Because technology has made it easier for bad actors. For an investment as little as $50 a month, criminals can use a phishing-as-a-service platform to create fake landing pages that look and feel like the real thing. For banks doing legitimate business, the best response is to make customers aware of the dangers.

That’s why we’re here with some advice on what to look for, what to do if someone sends you a questionable text and what to do if you fall prey to a scam.

Smishing Scams: 5 Signs

• Misspelled words.
• Letters that should not be capitalized.
• Incorrect grammar.
• Asking for personal information. Banks like Regions will never call and ask you for that information over the phone nor ask you to change your password over the phone.
• A link that doesn’t look right – hover over links to view the URL before clicking.

7 Steps to Avoid Becoming a Smishing Victim

1. Avoid clicking links within text messages, especially if they are sent from someone you don’t know. But also be aware that attack messages can appear to come from someone you do know, so think before you click.
2. Don’t respond to text messages that request private or financial information from you.
3. If you get a message that appears to be from your bank, financial institution, or other entity that you do business with, contact that business directly to determine if they sent you a legitimate request. Review this entity’s policy on sending text messages to customers.
4. Beware of messages that have a number that says it is from “5000” or some other number that is not a cell number. Scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number.
5. If a text message is urging you to act or respond quickly, stop and think about it. Remember that criminals use this as a tactic to get you to do what they want.
6. Never reply to a suspicious text message without doing your research and verifying the source. If your bank is really going to cancel your credit card, you should be able to call the number on the back of your card to discuss this matter with them.
7. Never call a phone number from an unknown texter.

“At Regions, the best way to protect our customers is to make them aware of real-time threats,” said Kimberly Reece of the Fraud Strategy Customer Experience team. “If something is amiss, we may initiate contact, but we will never ask for your financial or personal information.”

If all else fails and you fall for a smishing scam, act quickly.

5 Steps to Take After a Smishing Attack

• For card-related inquiries, call the phone number on the back of your credit or debit card.
• If you receive a suspicious email or text that appears to be from Regions, you should forward it to [email protected] and then delete it. This helps our security team go after the scammers.
• If you receive a suspicious SMS or text requesting that you call Regions, you can first verify that the number is legitimate by visiting our Contact Us page. (If you use another bank, they’ll have similar procedures you can easily find online).
• If you receive a suspicious SMS or text requesting that you call Regions, you can verify the message by these numbers of origin: 30438 for personal credit cards, 39199 for business credits cards, or 42850 for Check Card, ATM Card, Now Card or HELOC Platinum Card. If you are a Regions customer, please add these numbers to your contacts. (If you use another bank, they’ll have similar procedures you can easily find online).
• When in doubt, hang up and contact your bank immediately.

“Smishing messages are dangerous only if the targeted user acts on it by clicking the link,” said Juan Saavedra, Corporate Security area manager in Florida, Georgia and South Carolina for  Regions. “So, always remember to avoid responding to phone numbers you don’t recognize. If you do fall prey, then send the suspect message to your telecom company so they may investigate, as well as the FCC.”

Difficult Economic Times Breed Business Fraud Schemes

8 Steps to Avoid QR Code Scams

5 Steps to Stop Phone Scams

Stopping Ransomware in Its Tracks

8 Steps to Guard Against Cyber Threats

The information presented is general in nature and should not be considered, legal, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/STOPFRAUD or speak with your Banker for further information on how you can help prevent fraud.