Alex Thomas Sadler, Clark.com
Criminals are using a new type of text message scam to steal your information! Here’s what to look out for and how to protect your data.
Text messages have become a, if not the, primary method of communication for many Americans — in fact, 97% of American adults text on a weekly basis, according to a study by Pew Research Center. And as people continue to rely more and more on their mobile devices to do everything from calling and texting to online banking and shopping — texting is now more popular than ever.
Texting started out as an easy way to chat with friends and family — but these days we get texts for all kinds of things, including special offers, alerts, shipment notifications, account verification codes and much more.
But as technology continues to make things more convenient, it’s also making people more vulnerable than they realize.
Beware of new Bank of America text scam
For whatever reason, smartphones have caused people to let their guard down — and scammers are taking advantage of the fact that many people will open, and often respond to, just any text they receive on their phone
And the latest scam involves Bank of America customers receiving bogus SMS (text) and email messages that appear to be legitimate notifications from the bank.
According to reports, the message prompts the customer to call a specific phone number, visit a website/link or respond directly with personal information.
If you get any type of message like this, delete it immediately and call the bank directly.
If you think you may have been a victim of this scam, see more information on BoA’s website.
Rising threat of dangerous “smishing” scams
You’re probably familiar with phishing scams — which is a way for criminals to carry out identity theft by using fake websites, emails and robocalls to try to steal your personal information — including passwords, banking info, Social Security number and other sensitive data.
When you’re targeted by a phishing scam via email, you receive an email that appears to be from a legit source — often a family member, friend or company. The message typically prompts you to click on a link for a variety of different reasons, including to update your account info, get a special offer, protect your account or to complete some other type of urgent task. Different scams have different purposes, including downloading malware onto your device or getting you to fill out a form on a fake website, which sends all of your personal info directly to the criminals.
Now hackers are using the same tactics to target more and more consumers via text message — a technique known as “smishing.”
And Bank of America customers aren’t the only ones being targeted by malicious text messages.
What the scam looks like
Similar to phishing scams, criminals are sending “smishing” messages to your phone via SMS (text message) with the same objective — to steal your information.
“Criminals like smishing because users tend to trust text messages, as opposed to email, of which many people are more suspicious, due to phishing attacks,” Stephen Cobb, a security researcher at the cybersecurity company ESET, told USAToday.
“As smartphones are the primary means of accessing the Internet in some countries, this has tempted criminals around the world to invest in scams that target these devices,” Cobb said.
Criminals behind these scams are looking to get any piece of personal information about you they can — including your name, birth date, credit card info, banking info, Social Security number and more — whatever they can get in order to steal your identity.
Smishing scam messages are typically sent with a sense of urgency — often asking you to respond with certain information, call a specific number or click on a link provided in the text. And the criminals make the message appear to be from a legit source or company, like the IRS or your bank, to convince you that you need to take immediate action.
Here are some examples of scam texts, followed by a list of scam texts and emails people have received that claim to be from Bank of America:
Note: While the below examples refer to Bank of America, keep in mind that these scam texts may appear to be from any bank, company or organization.
- “From: Bank of America [mailto:email@example.com] Sent: Monday, February 20, 2017 6:40 AM To: firstname.lastname@example.org Subject: Time-Sensitive Message from Bank of America”
- “Dear customer, please visit BankOfAmericaHelp.net (Ref #81923)”
- “Please visit CardsBankOfAmerica.com (Customer #55863)”
- “Your BOA-acct is temporarily disabled by our Security Dept. Learn more: http:/ow. ly/Dnul308wk6?ID756666.”
- “Warning / Please visit: apps-bankofamerica .com”
- “Notification / You have an account notification: protect-bankofamerica .com”
- “email@example.com / Customer alert / Please confirm http://www.boa-card .net”
- “(Alert: Suspicious Activity) Case 160027. Please visit http://account.id1999310bankofamerica .com.
- “Online / Security message: bankofamericauser.com”
- “Account Notice) Case 1012181. Please visit http://client.bankofamerica-id14713 .com”
- “(Attention: Suspicious Activity) Account notice: id412753-bankofamerica.com”
- “Valued member, we detected unusual activity on your account. To securely update your information, follow the link: http://bankofamerica.text-id338. com”
- “FRM:*Important-bankofamerica^MSG* MSG:Account Access Blocked. Please read this ASAP: xloginbofaadmin .com”
- “(BofA)-Important Message – Due to recent updates in our system you need to verify your information. Click the link below: http://bankofamerica.sms- auth4427.com”
- “BOfA: Your Bank Card is restricted due to failed payments. Follow http://www.USA-BankOfAmerica.com and remove Account limitation in 3 Easy Steps.”
- “(Visit# wwv.bnkofameirca.com-jtjgw.confirm19id.net/ Now) [fgeck]We are sorry but your_Bank0fAmeirca-issues#”
- “wvw2.boaonline.com-hnxst. review184id.net/Now) We are sorry but your: BnkofAmerica-is-locked”
- “(BoA) Debit Card locked. visit http://www.xxxxxxxxxx. BankOfAmerica-BoA.com”
- “(855)996-0808 (BoA) Debit Card Locked. visit www.(my cell number). BankOfAmerica-BoA.com”
- “(go-to: wvw.bnkofamerica.com-sect jays.confirm540.net/?nr=. We are sorry but your bnk0famerica-debit visa is locked”
- “(Dear , this important Message is from BankofAmerica. Debit-Visa issues)Contact us now at 5182123866 and remove the limit. “
- “18559333547: (BoA) Debit Card Locked. visit http://www.312xxxxx20. BankOfAmerica-BoA.com”
- “(bank of america message: important – please call at 630-701-6543 to review your account. Client id: 55g5lpfxf3dd5an)”
- “([B a n k O f A m e r I c a] UrgentMessage.Please Ring: (818) 688-4222)”
- “Bank Of America – ACCOUNT LOCKED Member: 7735471815. Urgent CALL : (855) 277-7117
- “([B A N K OF A M E R I C A] UrgentNotification Contact: 914 266 8559)”
- “(Office My B.O.F.A Attention needed Contact: 9142668559)”
- “(MYB.O.F.A Urgent Notification Contact: 914 266 8559)”
- “(My Master Urgent Notification Contact: 914 266 8559)” came from firstname.lastname@example.org “
- “([bank of america]}Your Attention Is Needed.Call 323 937 7432”
- “email@example.com ([BOfA]UrgentNotification.Contact: 831-298-1164)”
- “Direct debit issue.to solve please call now.”
- “Fwd: (Please Contact Bank Of America HelpDesk @ 1(978) 290 5085)”
How to protect yourself
Here’s a general rule of thumb for avoiding any type of phishing or smishing scam: Do not click on any link in any email or text message that you were not expecting.
If you aren’t sure about it and think there could be a legitimate message or notification intended for you, go directly to the official website of whatever business supposedly sent you the message and check for any notifications there. If you don’t see anything, call the company or person directly.
Specific tips to avoid these scams:
- If your bank needs you to update your profile, you should be able to find that information by logging in to your account separately through the official site — or by calling your bank directly.
- Never reply to a text from an unknown number — even if the message claims that a certain response from you will “stop” future messages. If the text is in fact from a scammer, responding only confirms to the criminals that you are a live, real person and they will continue to try to scam you.
- Never click on any links — sent via email or text — that you weren’t expecting or that come from a number/address you don’t recognize.
- Install and regularly update anti-malware software on your smartphone: Here’s a list of the best mobile security software options to protect your device and information.
- You can forward any suspicious texts to 7726 (“spam” on most keypads) to alert your carrier about the number that sent you the spam. Then make sure to delete the texts after you’ve passed the information along.
Additional tips to spot text and scam emails:
- Read your phone bill. Check your phone bill for services you haven’t ordered. Some charges may appear only once, but others might be monthly ‘subscriptions.’
- Know your rights. Real commercial text messages must provide a free, easy way for you to opt out of future communication. Learn more here.
- Watch out for look-alike URLs. Just because a URL has the name of a real company in it, doesn’t mean it’s legitimate. Anyone can register a sub-domain (realcompany.website.com) or similar URL (realcompany1234.com).
- Ask your phone carrier about blocking third-party charges. Mobile phone carriers permit outside businesses to place charges on your phone bill, but many carriers also allow you to block these charges for free.