What is Phishing & Smishing?

The Dangers of Phishing and Smishing

Phishing and smishing are methods criminals use to trick you into giving them personal financial information such as credit card numbers, bank account numbers, Social Security numbers, passwords and other sensitive information. They use that information to steal your money or use your good name to open new loans or credit cards.

Phishing uses an email message to gather that information. Smishing uses an SMS text message to your phone.

How the Scams Work

Criminals create these messages to look like they are coming from your financial institution or another trusted company. Usually, they will tell you that your bank account, your credit card account or other electronic payment account needs to be “updated” or “validated.”

The message will say there are dire consequences if you don't take action, such as your account being frozen or closed.

The message typically provides a link or a phone number, and you are told to follow the link, or make the call, in order to update and validate your account to fix the problem.

By responding to these messages, you allow the criminals to steal your information because you are sent to a website or call center that is structured to seem legitimate. However, any information you enter into this website or give over the phone is captured directly by the thieves.

How to Protect Yourself

The U.S. Department of Justice suggests three simple steps to help you avoid becoming a phishing and smishing victim.
  1. STOP. The message is designed to get an immediate reaction from you by making it seem like an emergency. Do not click any link or call any number included in the message.
  2. LOOK. Think about the message. Does it make sense that your account would be closed if you don't respond immediately to a link in an unexpected message? A safer choice would be to log into your account normally or call the company; don't use the link or phone number inside the unexpected message. If there are no problems or alerts when you log in normally or call the company directly, you know the unexpected message is fraudulent.
  3. CALL. Tell the company or financial institution that you received a suspicious message purportedly coming from them. The person at the company or financial institution will confirm there’s no problem, and they can warn others about these fraudulent activities.
Access our Identity Theft Emergency Repair Kit for additional detailed information about identity theft and what actions to take if you believe you are a victim of fraud.