Chat Phishing: Don't Take the Bait in Messaging Scams!

Have you ever received a text or instant message from someone who obviously knows you, but you can’t quite place them? Do you come clean or do you, like many of us, play along and try to fake it? Well, beware, because cybercriminals are now playing on our social embarrassment and other fears to con us out of personal information, money, and more via instant communication. ​

According to a recent Trend Micro report, 2018 saw an 82 percent increase in detected phishing URLs, including phishing attacks sent through instant message or text. MyIDCare members have reported seeing phishing attempts through various messaging platforms and even text on their phones, which is called “smishing”. The Trend Micro report says the use of chat, texting, and other direct channels shows that cybercriminals are adapting quickly as our communication styles shift. ​

While “smishing” is relatively new, the scams are the same ones we’ve seen for years. Some pretend to be from people you know (probably names taken from your social media pages), probing for personal information. Others pretend to be from banks or other financial institutions. One of our members recently saw a classic scam delivered through Craigslist. The scammer texted, offering to wire money for an advertised item. Our member didn’t bite, but what usually happens next is that the scammer says they can’t buy the item after all and asks for their money back. The victim sends money, only to find that the original money transfer to them never really happened. ​

Here are some tips to protect yourself from these kinds of scams:

• Beware of texts from banks, credit card companies, or government agencies asking you to provide personal information to verify your account or resolve some other emergency. These organizations should have your information and would never verify it by text. If in doubt, call them directly.
• Watch for texts from suspicious numbers. If the number doesn’t look like a normal person’s cell number—for example, if it has a sequence like “8000” in it—don’t respond.
• Enable the “block texts from the Internet” feature on your phone if you can. Phishers often text via the internet to hide their identities.
• As with suspicious email, look for poor English and other clues that the message isn’t legit, don’t click on links, don’t provide personal information, and never trust an offer that’s too good to be true.
• Don’t text back, because that shows the criminals that your contact info is good and you’re willing to respond, and that sets you up for more phishing attempts.

Above all, don’t let the “instant” part of instant messaging get you into trouble. Criminals leverage our social embarrassment at not knowing someone, our fear of a financial or legal problem, or even our eagerness to sell something online to trick us. The best fraud protection is to give yourself time to think. Practice defensive messaging as you would defensive driving: stay focused, keep to a safe speed, and stay in control. ​