If you’ve seen an influx of annoying texts on your smartphone recently, you’re not alone. Scammers are increasingly shifting to text messages as their preferred strategy — and they’ve got plenty of new tricks up their sleeves to hook unsuspecting victims.
Why switch to texts? Well, it’s not as if people are picking up their phones with all the robocalls and phone scams going around. Tap or click here to see the phone scams to watch out for during the 2020 election.
Scam text messages can take several different forms. Some masquerade as delivery notifications from a trusted mail carrier, while others pretend to be companies like Netflix or Amazon. Here are red flags to watch out for, as well as six major area codes these spoofed messages are coming from.
Text message scams are coming in six awful new forms
A new report from Digital Shadows shows that text message scams are thriving during the COVID-19 pandemic. Not only has there been a spike in the frequency of SMS phishing (or “smishing”), the texts themselves are taking annoying new forms to trick their victims.
So far, Digital Shadows has found six variations of the scams, which impersonate real-world services. All of these messages include a malicious link to a phishing website, as well as an urgent message designed to trick you into clicking it. If you enter any personal information on the site, it’s sent back to scammers in charge of the campaign.
For added legitimacy, many of these scams will use your real name and location. This information most likely comes from data breaches or stolen credentials bought and sold on the Dark Web.
Nearly all of these messages come from spoofed numbers — which means there’s no easy way to trace them back to their origin. Fortunately, many of them share the same area codes, which makes it easier to spot. If you get an out-of-the-blue text from 917, 765, 646, 470, 347 or 332 area codes, consider this a red flag to delete it.
Here are the six main varieties of this sweeping scam campaign:
- Amazon texts: The scammers will pretend to be an Amazon delivery notification, and will ask you to confirm your information in order to receive your package. Clicking the link in the text will take you to a phishing site.
- USPS & FedEx texts: Just like the scam message above, these texts will contain an “urgent update” about a delivery, and will ask that you verify your information in order to get your package. Clicking the link in the text will take you to a phishing site.
- CashApp texts: These texts will claim to come from CashApp, a popular peer-to-peer payment app. The text will describe some kind of incoming payment or issue with your account, and you’ll be asked to confirm your personal data if you click the phishing link.
- Netflix texts: The scammers pretend to be Netflix with an alert about a problem with your account, an unauthorized login or a payment issue. If you enter your personal information on the phishing link, you could end up getting your Netflix password stolen, too.
- Adult entertainment texts: These texts appear to come from adult-related subscription services. Clicking the link in the text will take you to a phishing site that can steal your personal data and payment information.
- Payment card texts: These texts will usually be a bit vaguer and describe an issue with a “payment card” or financial service belonging to you. For added realism, the text may even include your name. Clicking the link in the text will take you to a phishing site.
Many of these texts are new spins on old campaigns — especially the delivery texts. But this time, the difference is that we can screen these texts more effectively now that we know the area codes the scammers are using.
What should I do if I receive one of these weird texts?
If any of these text scams somehow reach your inbox, here are a few things to keep in mind:
- Watch out for spelling and grammar errors. Many of these scams are run out of foreign countries where English isn’t the primary language, which is why spelling and grammar mistakes are a big red flag.
- If a text asks you to make a payment, delete and ignore it. Any legitimate deliveries shouldn’t ask for deposits or payment information. Any website link that does is just trying to get your card information.
If you read this article too late and already clicked one of these phishing links, you’re not out of luck just yet. Here are a few ways you can protect yourself:
- Call your bank or financial institution to let them know your credit card number was stolen. Ask for a new card and request that your current one be frozen. Make sure to ask that your account be monitored for fraud as well.
- If money was already stolen, tell your card provider that you were scammed and ask them what your options are. If your money was stolen recently enough, you may be able to recover it.
- Change the passwords you use for your banking apps and set up two-factor authentication to prevent unauthorized logins. Tap or click here to see how to set up 2FA for your bank apps.
These scams may seem obvious at first, but there’s a reason they keep popping up: they work. In the heat of the moment, you might not even realize you’re getting scammed. Pay attention to the signs, and you should be much safer.