Watch out for these Bank Imposter Smishing Attacks
Is this text really from my credit union?
It’s Saturday afternoon. You’re busy running errands, and out of nowhere your phone chimes. It’s a text from your credit union and it says, “Did you attempt an $878.29 transaction at Target today?” You start to panic. You didn’t spend almost a thousand dollars at Target! You reply, “No!” The fraud department calls you and starts asking questions about your account and identity. Worried about your account, you answer their questions. And just like that, you’ve given a fraudster all the info they need to hack into your account.
This is an example of smishing – an SMS (text message) form of phishing, and it happens all. the. time.
The best way to protect yourself from fraud is to be aware and wary. Here’s everything you need to know to spot, prevent, and react to these smishing attacks.
How to respond to a suspicious text, email, or call from your bank or credit union
Whether you think the message is real or a scam, it’s best to follow these steps right away:
- Don’t Engage. Don’t click any links, don’t open any attachments, don’t respond, and if they call, don’t answer. The more urgent it seems, the more important it is to take the time to verify if the message is real. If this is a real message from your institution, you’ll be able to resolve it by reaching out to them directly.
- Contact Your Institution Directly. Don’t rely on any phone numbers shared in the message, and don’t trust anyone who calls you. You should either call the number listed on the back of your credit or debit card for that institution or look up the bank or credit union’s website and use the contact number listed there to call your branch or the fraud department. You’ll be able to check on your account status with a real representative, and they’ll help you take any further action if needed.
Important: NEVER call a phone number suggested in the text or email
How to report smishing
If you’ve received a text, call, email, or another form of fraudulent contact, you should act quickly to report it. The best actions to take depend on if you interacted with the scammer or not.
How to report smishing if you responded
If you clicked a link, opened an attachment, or provided any personal or account information, you should call your financial institution’s fraud department immediately.
Sierra’s team will likely ask you to do the following to secure your account:
- Change your online banking usernames and passwords
- Lock impacted credit or debit cards with Remote Card Control – located in online and mobile banking
- Check and keep an eye on your transaction history for any suspicious charges
- Consider changing your email address passwords
How to report smishing if you didn’t respond
If you’re confident that the scammer didn’t get any personal information, and you didn’t click any links or open attachments, you don’t need to call the fraud center. You should forward the email or text to email@example.com and then delete it. We will review the message and contact you if needed.
How to identify smishing
Some banks and credit unions do use text alerts to inform you about account activity. Sierra Pacific members can set up text messages about account balances, transactions, and payment dates, among other things. And with scammers constantly upping their game, the warning signs we used to rely on might not be so obvious today. So how do you differentiate between real and fraudulent banking messages?
Note: Sierra Pacific’s Fruad Partners will never text you about suspicious activity!
Do you have text alerts enabled for this institution?
If you’ve opted in for text alerts and messages from your credit union or bank, then there’s a chance this message is legit. If you haven’t, then it’s probably a scam. You can check this by logging into online or mobile banking and navigating to your “Alerts” or “Notifications” settings.
If you aren’t opted in for text alerts, then it’s probably a scam. Report it to your credit union and the FTC, and delete the message.
If you have opted in, keep investigating before you click any links, open attachments, or call any number they give you.
Check for Red Flags
These common red flags could clue you in to a smishing attempt, but don’t get comfortable if none of the warning signs appear. It’s always a good idea independently verify anything these messages claim, either by contacting your institution directly or checking your transactions in online banking.
- They ask for your PIN code, username, password, account number, or other credentials. Your financial institution should never ask for this info over text message.
- They ask you to click a link or open an attachment. The reason might seem legit – to verify your identity, to view the transaction, or to file a report… DON’T CLICK!
- The message is urgent. Scammers often use urgency to scare users into acting without thinking or verifying. If the message tells you to act quickly or otherwise hits your panic button, it might be a scam.
- They ask you to send money or make a purchase. Some scams trick people into spending or sending money for various reasons – verify identity, test a card, claim a reward, etc. Don’t fall for it – especially if it involves gift cards, wire transfers, or depositing a check.
- It’s too good to be true. If there’s reward money, incentives, or other amazing things riding on your response to a text or email, odds are it’s a scam.