It took just a momentary lapse in judgment for Alyssa Beckwith to fall for the scam.
The text message she received looked legitimate — even expected. After some of her personal information had already been stolen a few years ago, she signed up for text alerts from her bank, Wells Fargo, to confirm each time she made a new purchase. And that step to protect herself, ironically, is what made her such an easy target.
So when a scammer texted Beckwith in April, telling her that her Wells Fargo card had been charged with a $240 withdrawal and to “Contact Us if Suspicious,” she didn’t think twice and called. A robotic voice welcomed her to Wells Fargo and asked her to verify herself, so she entered in her credit card number, Social Security number and birthday.
“This information is valid. Thank you,” the voice said, and hung up. Only then did she realize her mistake.
“I was like, wait a minute,” Beckwith said in a phone interview. “I’m surprised it didn’t connect me with somebody to talk to. Usually that’s what happens. That’s when I thought, ‘Oh my God, oh my God, I think this is a scam.'”
In the space of a few minutes, Beckwith became the latest victim of “smishing,” or SMS phishing, in which a scammer sends a text message to trick a person into turning over some sensitive personal information, which can be used for all sorts of fraud, like siphoning money from their bank account or opening up credit cards in their name.
Unwanted texts have existed for practically as long as the text message itself. But with more people using their smartphones to make payments and as many sites for banks and utilities verify users’ accounts through text messages, the fraud floodgates have opened.
The numbers are staggering. The Federal Trade Commission got 334,833 complaints about scam texts last year, more than double the year before. People around the world were exposed to about 125 percent more smishing attempts every three months, a new study from the cybersecurity company Lookout found.
Jacinta Tobin, a vice president at Proofpoint, a cybersecurity company that specializes in threats to mobile phones, said scammers and criminal hackers noticed that more marketers and businesses interact with people through text messages and simply followed that trend.
“Before, text was a very clean, relatively speaking, peer-to-peer channel. You don’t communicate with strangers via text. It’s just friends,” Tobin said in a phone interview. “But now texting has opened as a more general communication channel for business, like transaction confirmations, fraud alerts.”
Scam and phishing messages sent via text are particularly tenacious because there’s little ability to block them. Good email providers now block most junk and phishing emails, making email spam a shadow of the problem it once was. While unwanted phone calls are annoying, you can at least look at the caller’s number and decide to not to take a call.