a hand holding up a smart phone with text messages from fraudsters on display

Financial Smishing Scams


Scam attempts can come from anywhere! Emails, phone calls, social media messages, browser pop-ups, and more; the list goes on and on. While criminals these days are inventing craftier methods of accessing personal information and tricking victims, one of the most common tactics is through text.

These smishing scams (a combination of the words SMS and phishing) involves fraudsters posing as your financial institution, a government body, utility company, etc. and sending you an ‘urgent’ text requiring your immediate action. Typically, they include malicious links for victims to click, or may ask that personal or sensitive information be sent over text. Criminals use this information to access funds, sell data on the black market, or even commit identify fraud.

While there are various entities criminals may pose as, like we briefly detailed in this article, we’re going to focus on how to spot a bank-related smishing scam.

Recognizing and avoiding a bank smishing scam

Spotting a smishing scam becomes increasingly difficult when factoring in all the details criminals perfect. Smishing texts are created to provoke a sense of fear or anxiety in their victims, while looking extremely realistic. Criminals are able to spoof numbers, hack other accounts to send messages from, and create realistic looking URLs that assure victims they are safe to click on.

Here are the red flags you should look out for when you receive a text claiming to come from your financial institution.

  • The message asks for personal information like usernames, passwords, account numbers, etc. This is the biggest red flag. As a general rule, financial institutions will never ask for this type of information to be sent over text. Never send this information.
  • The message is urgent. The message itself will typically attempt to provoke fear to prompt you to take action and do what the message asks. Remember to always take a moment to step back before you reply or click on any links.
  • The phone number is not recognized. This is an increasingly common tactic. Scammers, instead of spoofing or mimicking official looking numbers, will instead send smishing attempts from local numbers. Sometimes, it may even look like it came from your own phone number!
  • The message doesn’t make sense. Don’t let the urgency of a smishing text trick you into clicking or sending personal information. Take a moment to assess whether the message makes sense. Do you even have the product/service the text refers to? Do the details/contact information they share seem familiar? If not, do not respond to the message, or click any links in the text.

As you can see in the section above, recognizing smishing scams right off the bat can be tricky, especially because sometimes your bank will send you text messages! While it is important to keep in mind the red flags, they key to avoid falling victim to smishing scams is to take a moment to calmly assess the text message, and try not to act instinctively or out of fear or panic.

If you are not sure if the text you received is legitimate, also reach out to the purported sender through their verified contact channels. Do not respond to the text message!

Protecting against smishing scams

While all of us are bound to receive a scam text at some point, there are some things you can do to avoid falling victim to one, or even avoid receiving one in the first place!

  1. Don’t respond. No matter how official the text looks or how urgent the message is—don’t respond! If you think the text might be legitimate and is asking you to take action, respond to the company using verified contact channels.
  2. Don’t click on links. Often times, links in smishing messages are misspelled, don’t look familiar, or are shortened links that are just a combination of numbers and letters.
  3. Configure your device to block spam. You can enable settings in your smartphone to filter out a majority of spam or suspicious messages, and even download anti-malware programs for your device.
  4. Keep your phone updated. Keeping your smartphone up to date with the latest software edition can help keep your device safe.
  5. Enable multifactor authentication on your accounts. In the event of your personal information being compromised, multifactor authentication offers another layer of security so your account cannot be accessed. Check out our article here to learn how to enable multifactor authentication in CFCU Digital Banking.

If you think you have fallen victim to a smishing attack, first thing to do is notify the institution where you think your personal information was compromised. They can help monitor and lock down your account.

You can also report the crime to the authorities and the FCC. If you think your device may have been infected with malware, make sure you take it to a tech professional so they can help protect your data!


Related Articles

Ready to open an account or have some questions?

Reach out to us or visit your nearest branch!