Text Scams: Your Account is Locked or Compromised
Text alerts are a fantastic tool to stay on top of your finances. Many financial institutions offer users the ability to sign up to receive alerts for a multitude of scenarios.
You can choose to be notified if your bank account falls below a certain threshold, if a designated payment clears, and if your account has been locked out.
Unfortunately, fraudsters are aware of these alerts too and have targeted them to perpetrate a smishing scam.
Example of an Account Locked or Compromised Scam
Smishing, the SMS variation of phishing, is the fraudulent practice of sending text messages impersonating companies to obtain an individuals personal information. This could include usernames, passwords, credit card numbers, or social security numbers.
In this specific text message scam, individuals receive a text message that purports to be a banking alert. It is possible to also receive messages impersonating other companies as well.
The text message states that your account is locked or compromised. You might even receive a message from a company that you do not hold an account with.
Depending on your phone or how you receive texts, examples of these messages may look like these or similar:
FRM: FI NAME
Subj: Go To [FINameHyperlink] Now
If you click on the link provided, you will be directed to a website that will ask for personal information. The website might impersonate that of your financial institution and ask you to enter your username and password.
If you enter these credentials, the fraudsters then have access to your bank account. The link could also be malicious and download a virus or malware onto your computer.
Smishing was listed as one of the most prevalent crime types reported in the recently released FBI 2019 Internet Crime Report.
There were a total of 114,702 victims in this leading Phishing/Vishing/Smishing/Pharming category, with an astronomical amount of $57,836,379 in total losses.
Red Flags to Look For
Detecting these text messages can be tricky. Often when you receive text message alerts, they come from a short code rather than the company’s public telephone number.
How do you decipher between real and fraudulent messages?
- The hyperlink is not your financial institution’s web address. Missing hyperlinks on the web page could also be a sign the web page is not legitimate.
- If the message asks for your personal information, it is likely fraudulent. Companies that you do business with should already have this information and do not typically send messages asking for it.
- The message urges you to act immediately to avoid repercussions. For example, in Apple-related scams, users received a message stating that their accounts would be permanently disabled unless they took immediate action. A fraudster will try to pressure you to act quickly before you have had time to think things through.
What Can I Do to Protect Myself
If you receive a message that your account has been locked out or compromised, always take it seriously. However, never click on links in these text messages.
Instead, contact your account provider directly using a telephone number obtained independently from the suspect message, such as from the account provider’s website, to verify the authenticity of the message.
This also makes the institution aware if there is a scam purporting to be them so they can issue a warning to other customers.
You can also do the following:
- Install a reputable mobile security app.
- Never click on unsolicited links.
- Place your number on the Do Not Call registry. While this may not eliminate fraudulent messages, legitimate companies typically follow these guidelines, so it can assist with determining whether they are fraudulent.
- Rather than clicking on a link, go directly to the online portal for your institution. If there are any issues, you should be able to resolve them there.
- Check the website of the company for any alerts of recent scams.
- Never verify your personal details through a text message. Additionally, companies that you do business with already have your information and will not need to ask you for it.
- Update your passwords frequently.
You Received a Suspected Smishing Text – What’s Next?
Steps taken after receiving one of these messages are dependent on whether you clicked links or gave any personal information. Always do the following steps:
- Report spam texts to your mobile carrier by forwarding to 7726 (SPAM).
- Delete the message and block or hide alerts.
- Notify the company being impersonated.
If you did click on a link or give out your information, do the following:
- Immediately change your passwords.
- Review any related accounts for any unauthorized activity.
- Get your device reviewed for malware or viruses.
- Contact the Federal Trade Commission to report and monitor identity theft.
- Report internet crime to the FBI’s internet crime complaint center or call your local FBI office.
For any questions on text alert or other smishing schemes, or to discuss keeping your account safe, 121FCU offers free financial counseling. Call and speak with a representative today!