Instead of a prize, you could find unauthorized charges on your credit card or worse: Sixty percent of scam texts are designed to transmit “malware,” says Michael Bruemmer, head of global data breach resolution at Experian, the credit reporting agency. This malicious software can infect your device and grab enough personal info to take over your shopping, financial, and social media accounts, or even steal your identity. Text scams, or “smishing,” are overtaking phone call scams as criminals’ digital tool of choice, and now account for 22 percent of all fraud reports to the FTC’s Consumer Sentinel Network, which shares scam info with law enforcement agencies. One likely reason: It’s easy for fraudsters to send out numerous messages at a time via a chatbot, a tool that can engage in human-sounding communication.
Spotting a Text Scam
“One of the best prevention tips is to be wary of any unsolicited, out-of-the-blue outreach,” says Eden Iscil, public policy manager of the nonprofit National Consumers League. And any text that mentions “fraudulent activity detected” or “free gift” should set off alarms. Spelling and grammar mistakes may also be signs of a scam message.
So if you’re unsure, don’t respond or click on a link. Contact the source that the text appeared to come from through official channels. “If it’s regarding your credit card, call the issuer,” Velasquez says. “If it’s about your bank account, call the bank directly or log in to your account online to investigate. Call your cable company’s customer service number directly.” (If you get confirmation that the text was a fake, forward it to 7726 to help your wireless carrier identify scammers. Then block the sender and delete the text.)
If you opened the text: Opening a suspicious text or even sending a simple reply—for example, “You don’t have the right person”—won’t put you in danger of malware being transferred to your device or your personal data being taken, Velasquez says. But it does tell the fraudster your number is active, so you could receive more smishing texts in the future. (The same can happen if you click on “unsubscribe” or “stop” links.) Simply forward the text, then block the sender and delete the text.
If you clicked on a link and were led to a website, exit the browser ASAP, and delete the URL from your browsing history, Bruemmer says. Then forward, block, and delete as above. Temporarily disconnect from WiFi or turn on airplane mode. Then, because you can’t always tell when a device has been infected with malware, it’s smart to run a security program (see “7 Smart Security Steps,” below). Or call the device’s manufacturer for tech support or a referral to a tech pro who can scan it, Iscil says. And if you shared info that could compromise an account (notably, a password), change relevant information, such as password and username.
If you got scammed: The remedies vary, depending on what was taken and how quickly you became aware of the scam. But if, after reporting and blocking the sender, you suspect or know that someone got into accounts that have payment methods associated with them (perhaps you notice an unfamiliar autopayment coming out of your bank account or your credit card issuer put a hold on a card), contact the fraud teams at those companies right away for guidance. You can search online for the contact number. You may have to close some accounts and open new ones, Bruemmer says, and you’ll certainly want to change passwords and usernames of compromised accounts. Then get in touch with the customer service or fraud departments at any nonfinancial accounts and platforms you think may have been affected.
If your mobile device isn’t working after an encounter with a scammer, whether they reached you by phone or another method, take the device to a tech repair service as soon as possible. This can stop a scammer from accessing your personal data and contacts. Also, call your cell carrier for advice; search its name and “fraud department” online to find the appropriate number. They may have you reset the phone.
• Filing a report with your local police is wise. You might need to do this if you have to prove to creditors and credit bureaus that you were defrauded.
• If you think the scammer may have sufficient information to open lines of credit in your name (your name, address, and Social Security number can be enough), ask the three credit reporting agencies—Equifax, Experian, and TransUnion—to freeze your credit to prevent this. Request copies of your credit reports, too, and monitor them (and all money-related accounts) for a year afterward for oddities like your credit score drifting down for no discernible reason or new credit card accounts you didn’t open.
• Watch for unexpected credit or debit cards in the mail, or denials for such cards, says Velasquez at the Identity Theft Resource Center. Iscil at the National Consumers League adds, “Victims of identity theft may also notice incorrect information on a credit report, receive bills for credit cards they did not open, or detect abnormalities on their tax forms or Social Security benefit statements.”
• Depending on your particular situation, you might want to take additional steps. For instance, if you think your Social Security number or Medicare data was used in fraudulent ways, contact those organizations. The FTC’s IdentityTheft.gov, the Identity Theft Resource Center, the AARP Fraud Helpline (877-908-3360), and your local FBI office may have advice for specific issues.