Fraudsters are nothing if not innovative. They keep up with the times and trends. As emails have given way to text messaging as a communication preference, scam artists have followed suit with smishing text messages.
Email usage has shrunk and now has a smaller audience, with texts having a higher read rate. So, those wishing to separate you from your money or information will typically adopt an area code you are familiar with, and will pretend to be a nearby business, hoping you’ll respond with information that is better kept private.
David Glod is the Vice President of Information Security at Mountain America Credit Union. It is his job to protect their members and others from falling victim to these schemes. Glod taught computer forensics and security and risk control at the University of Utah before moving to Mountain America Credit Union.
“Basically, my team and I are charged with protecting members’ data and their finances. We are responsible for finding vulnerabilities and flaws and remediating them before they become a bigger problem. We are looking for anything suspicious,” Glod says.
The latest text message frauds are those pretending to be from a financial institution. So what can you look out for? Glod explains that the message will probably be from an unfamiliar phone number; one a person wouldn’t recognize from their bank, credit union, or credit card company.
A second clue is that the text won’t reference the person by name, but rather “Dear Member” or “Dear Customer.”
And third, says Glod, the text will be something unexpected. “For example, out of the blue, a person can receive a text saying a transaction will not be allowed, or that they’ve detected fraud on your account. They are trying to create a sense of urgency.” The idea is to get you to click on the provided link, and from there the crooks ask for personal information that will compromise your security and could get you into financial trouble.
The scammers are pretty sophisticated. If you do click on the link, it will generally take you to a page that looks very similar to the institution’s login page. From there, they ask for your username and password. “These sites can look very legitimate,” Glod says. “They may even register a very similar domain name with maybe just one letter off and people don’t notice it.”
So how do you protect yourself? Glod has some advice. The first thing to do is just pause a moment before you click. Don’t let panic cloud your judgment. Then ask yourself some questions. Does the message look legitimate? Was I expecting it? The best thing to do if you have any questions is to delete the text. Just receiving the text won’t compromise someone’s information.
You also have another option. You can take a screenshot of a suspicious text and send it to firstname.lastname@example.org whether or not you’re a Mountain American member. Glod says the credit union works with other institutions, helping each other out to bring a stop to fraud. Sometimes they are even able to shut down the fake sites and phone numbers.
If you’re worried because you clicked on a link and gave out personal information, call the financial institution referenced and tell them your concerns. They can guide through the steps to undo the damage.
Other good practices for protection is to set up transactional alerts to inform you of any login or transaction. The quicker you can stop a bogus transaction, the better the chance for success.
Make sure to set a strong, unique password. Glod recommends using a password you don’t use anywhere else for your financial institution, and says the longer the better. “Instead of the minimum of 8 characters, I recommend 12 to 15.”
Enable multi-factor authentication. This involves getting a text code authenticator when you sign in. That way your account is still inaccessible even if your username and password fall into the wrong hands.
If you get a call or text you are worried about, don’t respond. Instead, call the number on the back of your credit or debit card and ask to speak with the fraud department. Reputable financial businesses will never ask for your password or have you text back an authenticator.
The crooks are out there, but don’t panic. Take a deep breath, think twice, and stay safe.