SMS message fraud, also known as smishing, is a type of phishing attack that uses text messages to trick users into clicking malicious links, revealing personal information, or downloading malware. Smishing can lead to identity theft, financial losses, or device compromise. Here are some best practices for end users to protect themselves against smishing:
- Register your mobile phone number on the Do Not Call Registry to reduce unwanted calls and texts. You can do this online at donotcall.gov or by calling 1-888-382-1222.
- Report spam texts to your mobile carrier by forwarding them to 7726 (SPAM). You can also report them to the Federal Trade Commission (FTC) at ftc.gov/complaint or 1-888-382-1222.
- Do not click on any links or attachments in suspicious texts, even if they claim to be from a trusted source. Verify the sender’s identity by contacting them through another channel, such as a phone call or an email.
Visit official websites directly by typing the URL in your browser, rather than following a link from a text message. Make sure the website has a secure connection (https) and a valid certificate. - Do not respond to texts that ask for personal or financial information, such as your account number, password, PIN, or verification code. Legitimate organizations will never request such information via text message.
- Do not reply to texts that instruct you to text “STOP” or “NO” to prevent future texts. This may confirm that your number is active and make you a target for more spam.
Use a reputable antivirus or security app on your mobile device to detect and block malicious texts and websites. Keep your device and apps updated with the latest security patches.