By Arica Chhay, Jay Krous
Scammers often use text messages, appearing to come from your bank, as a common tactic. An emerging twist motivates one to respond by warning about supposed fraud on your account. In the rush to address this supposed fraud, you might feel compelled to respond with personal information or click a malicious link and provide a password to the scammer.
It can be challenging to distinguish between a scam text and a legitimate notification, particularly when the urgency to respond is heightened by alleged fraudulent activity.
A real-life example of such a scam, which was recently received by an employee of Berkeley Lab, is shown below. Examine it to understand how to recognize the attributes of this particular scam.
How to Spot an SMS Phishing Scam
1. Text arrives via an unknown number. Attackers can also modify the caller ID so it displays the name of a real company or person. Do not trust SMS messages.
2. The message indicates an urgent situation is at hand to encourage immediacy in your response.
3. The text includes a link to a suspicious URL web address. Note the usage of “wells” in the URL to add validity.
Always verify the validity of messages separately by contacting the institution directly from their official website.
Recommended Actions
The best defense for these attacks is to be aware of the attack methodology, remain vigilant, and report anything suspicious. Read our previous cybersecurity articles for more tips on how to avoid SMS phishing and other scams.
How To Report Spam Text Messages
Report any spam texts on the messaging app you use to block further messages from the specific scammer.
You may also send information about spam to the Federal Trade Commission (FTC) to help other consumers.
- Copy the message and forward it to 7726 (SPAM).
- Report spam incidents to the FTC at ReportFraud.ftc.gov.
in the bottom right or navigate to