Smishing is a phishing text message that’s delivered to mobile devices where bad actors impersonate a person or company in an attempt to commit fraud. The contents of the sent text message often contain links that are meant to trick people into revealing sensitive information. These attacks are successful because people are more inclined to trust a text message and many people are unaware that phishing attacks can occur via text message. In some situations, smishing is a tactic used by bad actors to bypass multi-factor authentication and gain unauthorized access to personal accounts.
Understanding Smishing Attacks
Smishing can start with a vague greeting in a received text message from an unknown number. “Are you okay?” or, “I’m at the airport, where are you?” are some examples of these vague greetings. Don’t engage with these messages. Imitation is another tactic bad actors utilize for successful smishing attacks. They will impersonate legitimate companies or banks as they attempt to make their request appear legitimate.
It’s important to remain vigilant and be thorough to prevent falling victim to smishing attacks. If you believe a text message that you’ve received is a smishing text, delete the message and do not respond.
Tips for Avoiding Smishing Attacks
Smishing attacks are becoming increasingly popular with bad actors using them to gain unauthorized access to credentials. Here are some ways to identify and avoid them:
- Your Financial Advisor won’t text you requesting sensitive information. LPL advisors won’t contact you via text requesting sensitive information. If you receive a text message, call your advisor.
- Don’t click on links in unexpected text messages from unknown sources. There are always increased risks associated with interacting with unknown links. Some links can deploy malware to your device or steal sensitive information.
- Be Wary of text messages requesting personal information. Be sure to protect your information, even via text message. Limiting the exposure of your information will help prevent identity theft.
- Add Security Software to Mobile Devices. This software can scan your device for malware and alert you to issues with the device.
I think I may be a victim of smishing. What should I do?
- Stop all communication. If you are in contact with a scammer, cease communication immediately.
- Report the incident. You can file a complaint with the IRS on their website. Additionally, you can report the incident to the Federal Trade Commission (FTC) on their website.
- Protect your identity. Monitor your financial accounts, credit reports, and any other sensitive information for signs of unauthorized access and activity. With most accounts, you can place a fraud alert or a credit freeze to prevent further compromise.
- Document the incident. Keep any record of communication and documentation related to the scam. This can be extremely useful when reporting the incident and resolving any issues with tax authorities.
Additional Considerations
If a scammer accessed your accounts… | Immediately change all passwords associated with the scam. Ensure the new password is strong and do not reuse passwords. Enable Multifactor Authentication (MFA) on all accounts. |
If a scammer has access to financial information… | Contact your bank or credit card company immediately. They can help monitor your accounts for suspicious activity. |
If a scammer has your social security number… | Place a fraud alert and initiate a credit freeze on your credit reports by contacting one of the three major credit bureaus. Additionally, file a report with the IRS and your bank so that they can protect your identity and monitor your accounts. |
This material is for general information only and is not intended to provide specific advice or recommendations for any individual. This material was prepared by LPL Financial, LLC
Tracking #588885
Exp. 06/2027