Smishing is a form of phishing in which the scammer tries to obtain private information through a text message (SMS). The message usually impersonates a known person, company, or trusted entity and urges you to take action, whether that is following a web link, making a call, or replying to the message.
Highlights
Some examples:
- An SMS that appears to come from the bank, asking for new data or warning that there has been a problem with the card and that you urgently need to follow a link to unlock it. Courier companies are impersonated in the same way, with messages about a problem that must be solved urgently, a package that could not be delivered, etc.
Dear customer, your credit card has been blocked for security reasons. To unlock it, you must urgently visit (…) and complete these steps. You have 24 hours.
- Messages informing us of special promotions, offers, contests or prizes.
We only need your personal data, send an SMS from your mobile with the word OFFER to (…) and we will ask you for your home address. We will send you the watch within 20 days.
- A WhatsApp message pretending to be your son or daughter, a friend or other family member, saying that they have lost their mobile phone and need you to send money via Bizum.
Hi mum. I'm at the gas station. My cell phone doesn't work and I can't pay. Could you make a Bizum to this number?
Premium rate numbers
Premium rate numbers have become a common vehicle for scams. These are numbers that carry additional charges:
- Those starting with 803, 806 and 807.
- SMS to short numbers starting with 2, 3, 79 and 99. Those starting with 79 are particularly dangerous as they are subscription services and we will be charged for each message received.
Recommendations
- Be wary of messages that ask you to take an urgent action, especially if it's to access a link, make a call, or download an app.
- Be suspicious if you receive an unsolicited two-factor verification (MFA, 2FA) code. It may mean your credentials have already been stolen.
- Contact the sender through a different channel to verify the authenticity of the message.
- Ask your mobile operator to disable premium rate numbers. Some carriers allow you to do this from the customer application itself.
What to do if you fall victim to a smishing scam?
- If you have provided credentials, change the password of the services that may have been affected, be it the bank, personal mail, work account...
- If you have installed a fraudulent app, uninstall it or remove it by doing a factory reset. Keep in mind that the app may already have stolen information from your device.
- If the fraud involves premium SMS subscriptions, contact your mobile operator to cancel the subscriptions. Many operators allow you to do this from the customer portal or mobile application.
- If you have provided bank details or a credit card number, contact the bank to prevent unauthorized payments and block the card.
- Collect all possible evidence and report the scam to the security forces.