Have You Heard of Smishing? It Sounds Ridiculous, But It’s a Real Threat
Over the past year, there has been a huge increase in scammers using text messages to pose as banking institutions alerting you to possible fraud. This has been a wide-spread issue that has affected the banking industry, but we wanted to address it directly to make sure you have the tips and resources you need to stay safe.
The irony of the fraudsters claiming they are helping you prevent fraud is frankly evil. This tactic uses SMS text messages to phish for your account information—hence the nickname “smishing.”
Rest assured, First Bank’s online and mobile banking are incredibly safe and have multiple security procedures in place to protect your information. But social engineers in this scam often purchase contact data from security breaches at large retailers like Target or chains like Sonic Drive-In, and then rely on tricking people into giving away additional personal information by making them think they are speaking to a bank representative.
The set up looks like this: a text message is sent saying that they are from customer service or the fraud department, and then usually ask about a specific charge (typically made up and not one you have actually made) that includes a case number to seem legitimate.
Here are the top 5 tips for identifying text message scams:
- Unusually long numbers: scammers will often use 10 or 11 digit numbers like (800) 555-5555. So even if you receive a text message claiming to be from a banking institution, look at the number and your own records to see if it seems legitimate. If you have any concerns, call the customer service number on the back of your card. Actual text messages from companies usually come from numbers, called short codes, that are 4, 5, or 6 digits (e.g. 12-345).
- Beware of the urgency: smishers often want to make you feel like you have to do something right now, so look out for text messages that imply you need to act immediately.
- Never click embedded links from suspicious text messages: they can contain malicious code that could infect your mobile phone—even iPhones!
- Do not respond to suspicious text messages: even if the message says you can “text STOP” to prevent future messages. Any response on your part will confirm for the scammers that the number is in use—and you’ll just be inviting more texts. If you do respond and receive a call from an entity claiming to be your bank or another company’s customer service or similar department, hang up and call or email the company directly using an official phone number from a recent bill or another valid source of information. First Bank’s Customer Service team can be reached at 866-792-4357 or firstname.lastname@example.org.
- Call first to confirm: if you get a suspicious text from an official-sounding entity and want to check it out, don’t use any information from the message itself. Instead, call or email the company or government agency directly using an official phone number from a recent bill or another valid source of information.
- Report the fraud: alert law enforcement by submitting a report to the FCC or the Internet Crime Complaint Center.
- Delete the text: once you’ve reported the fraud, be sure to delete the text entirely so that you don’t accidentally click or engage with the fraudsters in the future.
While First Bank does sometimes send out text messages to verify transactions, we will not request any account information or to make changes to your account at any point.
It’s important that you never give out personal information like your account number, online banking ID, SSN, or credit or debit card details in reply to a call, text, or email that you received.
Additionally, if you use online or mobile banking at First Bank, please do not share your Secure Access Code with anyone, even if they claim to be with First Bank. We will not ask you to provide it—ever—when helping you with a question or concern about your account.