Text message based identity theft a new problem for cell phone users.
You don't have to use a computer to be vulnerable to online scammers. Cell phones and other mobile device users are increasingly targeted with mobile spam attempting to trick them into revealing personal information.
"SMiShing" is derived from the familiar "phishing" The "SM" comes from SMS (Short Message Service), the protocol used to transmit text messages via cellular devices.
"SMiShing" text messages might ask a recipient to register for an online service -- then try to sneak a virus onto the users' device. In addition to virus-like "worms", which can spread through and disrupt a network, other scams are surfacing.
Some messages warn consumers they'll be charged unless canceling the supposed order by going to a Website that then extracts credit card numbers and other personal data.
Recently, credit union and other financial institution members have received text messages via cell phone warning that their bank account has been closed due to suspicious activity. It then tells them they need to call a certain phone number to reactivate the account -- that's when your personal information is harvested.
Some new "SMiShing" techniques include mobile Spyware that once downloaded to a cell phone can eavesdrop on conversations.
For now, these more extreme threats are rare, but with most mobile phone users casually unaware of the danger, security experts expect hackers and other criminals to increasingly exploit this available technology.
Despite safety guidelines, most mobile users have not yet learned to treat their phones with the same level of concern that they apply to their computers, security experts warn.
Loss Prevention Recommendations
- Don't display your wireless phone number or e-mail address in public. Including newsgroups, chat rooms, Web sites, or membership directories.
- If you open an unwanted message, send a stop or opt out message in response.
- Contact your wireless or Internet service provider about unwanted messages
- Do not,
under any circumstances, provide personal information to unknown
- Before submitting financial information
through a website, look for the "lock" icon on
the browser's status bar.
- Review credit card and other account statements as soon as you receive them to determine whether there are any unauthorized transactions.
- If a statement is late by more than a couple of days, call the credit card company or credit union to confirm your billing address and account balances.
- Report suspicious activity to the FTC.
- Send the actual spam/phish to www.ftc.gov.
- If you believe you are a victim of identity theft, file a complaint at www.ftc.gov and visit the FTC's Identity Theft Website (www.ftc.gov/idtheft) to learn how to minimize your risk of damage from the identity theft.
- If you suspect you're a victim of identity theft, place a "Fraud Alert" on credit bureau records.