“Automatic bill pay ready for review: Click here to approve.”
“Suspicious activity alert! Call now to reactivate your account.”
“New COVID-19 stimulus funds – reply now to sign up!”
Just as legitimate organizations worldwide have realized the power of text messages to connect with consumers, unfortunately, so have some cyber criminals and scammers.
These texts usually look like they come from a government agency, bank, debt collector or delivery company. Often they sound important or urgent, claiming that an account has been frozen or a password breached. Sometimes the messages come with a fake invoice awaiting immediate attention or a refund or giveaway that’s too good to be true.
Their goal: trick you into handing over private information or clicking a malicious link, which then infects your phone with malware. Over the past year, common threats have included fraudulent claims, unemployment insurance scams and fake messages from delivery companies, banks and vaccine providers.
As the organization representing the U.S. wireless industry and companies throughout the mobile ecosystem, CTIA has been working with the Federal Trade Commission (FTC), Federal Communications Commission (FCC), IRS, Department of Justice and other government agencies to crack down on these scammers.
Wireless carriers monitor and vet the messages of short codes that are leased through the U.S. Short Code Registry. The wireless industry has also established Messaging Principles and Best Practices for non-consumer senders of text messages, including businesses, non-profits and political campaigns.
Three steps to protect yourself
As these efforts continue, there are many things you can do to protect yourself, your finances and your personal information.
1. Keep unwanted messages out of your phone in the first place.
- Block – Both Android and iOS phones have built-in blocking tools. You can also use filtering software, analytics and machine learning tools to screen out suspicious numbers.
- Screen – Treat suspicious text messages like you would a call from an unfamiliar phone number. If you’re not expecting the message and if you don’t recognize the number or sender, it could be spam. Same if the message contains spelling or grammatical errors or presents an offer that’s too good to be true.
- Vet – Before opting in to a short code campaign, thoroughly read agreements, registration forms and privacy policies. Know exactly what you’re signing up for.
2. When you receive a message that looks suspicious:
- Verify – Research the sender, organization and cause online. Try a search with the name and “scam.” If the sender claims to be from a well-known company, call that company’s customer service desk using the phone number on the company’s official website. Ask about the campaign and any offers.
- Classify – Use your phone’s features to mark the message and number as spam.
- Report – Take a screen shot of the message and text it to 7726 (SPAM), send a spam report to your carrier, and/or file a complaint with the FTC and/or FCC.
Then delete the message.
Don’t click on links within the message or download any photos, multimedia files or attachments. Resist the temptation to respond to the message. A response confirms to the sender that your phone is active. Never reply to a text message with sensitive information like your credit or debit card number, password, PIN, birth date or Social Security number. Government agencies, banks and other legitimate organizations never ask for personal or financial information via text message.
3. Make sure the messages you want get through.
- When you opt into a text messaging service you’ll use on an ongoing basis, give the number a name – e.g., “pharmacy” or “flight reminders”
- Add the number to your contact list or address book.
