According to a 2018 report from Trend Micro, there was an 82% increase in detected phishing URL including phishing attacks sent through instant messengers or text messages. The report had highlighted that the use of chat, texting and other direct channels showed how quickly cybercriminals were adapting their techniques to our communication styles.
Even though “Smishing” is relatively a new type of scam, it still carries the same goal as all other scams. In Smishing attacks, the cybercriminals pretend to be from people you know (probably names taken from social media pages) probing for personal information. Then there are others who pretend to be from banks or other financial institutions. There have been scams even delivered through services like Craigslist. Scammers had texted offering to wire money for an advertised item. So, with an increase in this type of scam, what exactly is Smishing.
What are Chat Scams?
Chat Scams are also known a s “Smishing”, which is another form of phishing. Phishing involves attackers sending compelling text messages to trick you into clicking on a link and sending the attacker private information or downloading malicious programs onto your device. Like other scams, there are different types of Chat Scams.
Types of Chat Scams
Smishing is one of the easiest ways for hackers to steal user data because the user is literally handing the hacker all of their information.
- Chat Interview Scams
Chat interview scams involve getting job seekers to divulge personal information via chat under the guise of interviewing for a position with a company. Scammers posing as employers will contact a job seeker about interviewing for a role through technologies such as Google Hangout, Skype, Facetime, Yahoo Messenger, Facebook Messenger, or even by text message. During the interview, the job seeker is asked to provide a credit card number, account PIN, social security number, or other sensitive information. Once the job seeker gives this information, the “employer” on the other end of the chat misuses it and any hope of a job offer dissolves. Several unknown contacts send similar messages with the promise of earning quick money.
- Social Networking Scam
Scammers approach victims online via social networking platforms, dating apps or instant messaging software under the guise of ‘friend making’. Having earned the others’ trust, the scammers will sweet-talk victims into undressing or performing indecent acts in front of a webcam. They would also entice the latter to download malicious apps or disclose verification codes of instant messaging software with the intention of stealing their contact details on phone. Later, victims are threatened to transfer money to a designated overseas bank account or to settle the sum in virtual money or by purchasing virtual point cards, or else the indecent footage would be circulated to their friends and families.
This had happened to 21-year-old Chetan Chabra, who had no idea that his friends had been sending money to a bank account assuming that it had belonged to him. Chabra found out when a friend had called him to ask if he had received the money. A cyber fraud made a fake account of Chetan on social media platform Instagram and sent messages to his friends seeking money to address an exigency. Two of his friends fell in the trap and transferred Rs 3000 each to a bank account in Dhanbad.
- Refund Scam
If you receive a SMS that claims you have received money (because you were previously overcharged for a particular service) and requests for your personal information to complete the refund, then it’s likely a scam. In Canada, there are fake text messages claiming to be from Canada’s wireless carriers offering a refund. These messages usually mention you have a refund waiting for you and to receive it, all you have to do is sign into your online banking to initiate the Interac e-Transfer. It sounds tempting, but once you sign in, you end up giving you online banking credentials to data thieves.
- Family Emergency Scam
Smishing texts often relies on scare tactics to convince people to act without thinking. If you get a text from a hospital, prison, or a stranger bearing bad news about your family, then stay calm and don’t panic. Ask specific questions to the sender to verify their identity, and don’t share any of your information until you’ve separately verified that the family member in question is experiencing an emergency.
Traditionally, fraudsters contact potential victims while posing as a family member or friend in urgent need of cash. Often the scenario involves an accident or arrest while travelling abroad, with a request that cash be sent through a money transfer company, such as Western Union or Money Gram.
- Reactivation Scam
Scammers may tell you that your account has been compromised via another device and ask you to text back to XXXXX to reactivate your account. Don’t reply to the message. Instead, check your account to confirm that it’s active. If it is, then it’s a scam. If your account is not active, call your service provider and ask why. Scammers are sending text messages making it appear to be from trusted banks, but in reality, it’s all an attempt to get access to your money.
How to avoid Chat Scams
- Verify the message: If you receive messages asking for your personal information, always verify it with the company or person making the request
- Look out for spelling mistakes: If the text or chat seems to have a grammatical error, it is said to be a tip that it’s either a bot or scammer operating.
- Don’t Respond: The safest way is to not respond at all. If it is anything important the company will try to connect you through various ways.
- Check before you act: Look up that friend or family’s phone number yourself. Call them or another family member to see what’s happening. Even if the person who contacted you told you not to.
- Never click on links: Always hover over the link or phone number in a message you are not sure about and never click on the links.
- Don’t store your credit card or banking information on your smartphone. If the information isn’t there, thieves can’t steal it even if they do slip malware onto your phone.
Remember that, like email phishing, smishing is a crime of trickery—it depends on fooling the victim into cooperating by clicking a link or providing information. Indeed, the simplest protection against these attacks is to do nothing at all. So long as you don’t respond, a malicious text cannot do anything. Ignore it and it will go away.