Imagine receiving an SMS from an unidentified number posing as your bank. The text alerts you of unusual activities in your account and prompts you to authenticate your identity through a link provided.
Driven by anxiety, you hurriedly click the link and then enter your personal details. Sadly, before you know it, your bank account is under the control of an unknown person.
SMS phishing tricks, commonly known as ‘smishing’, are consistently evolving and becoming more convincingly accurate. Cybercriminals now have simple access to AI, which they use to create seemingly genuine messages from assumed reputable sources; for example, your bank. The FBI’s most recent Internet Crime Report discovered that 298,878 phishing scam complaints in 2023 led to almost $19 million in loses.
While false texts are perilous cons, legitimate notifications from banks can be advantageous as they can let you know when you have low funds in your checking account or a big credit card balance. So how do you differentiate a real text message from your bank from a fake one? This article provides pointers to identify fraudulent text messages and ways to report phishing scams if you fall victim to one.
For more monetary adequacy tips, discover the optimal time to book cost-effective flight tickets and ways to prevent tax-related identity theft.
What should be your initial reaction to a text from “your bank?”
Your first step should be questioning if you’ve agreed to receive SMSs from your bank.
Melanie McGovern, director of Public Relations and social media at the Better Business Bureau, informs CNET, “Several financial institutions send text messages, and if you’ve given your permission, they will text you.”
If you’re uncertain about authorizing text messages from your bank, visit the bank’s official website, sign in to your account, and examine your communication choices through your personal profile or dashboard. The setting for SMS notifications could be located under “Delivery Settings,” “Alerts,” “Notifications,” or something similar
Suppose you realize that you haven’t activated text notifications. In that case, you should be skeptical: the SMS allegedly from your bank is likely a scam, and you should promptly report it to your bank and the FTC.
If you have agreed to receive text notifications, additional steps are required to verify the legitimacy of the text.
How to detect if a text from my bank is genuine?
If you’ve approved receipt of text messages from your bank, there are a few telltale signs that can help you assert if a banking-related SMS is authentic.
Firstly, remember that banks will never ask for your sensitive or private data through SMS. If a text inquires about your PIN, online credentials, or other account details, disregard the message and report it directly to your bank and the FTC.
Many banks clarify their policies on their security or privacy page. For example, Bank of America specifies that they “will never text, email or call you asking for personal or account information.” Moreover, banks will not ask you to authenticate your identity by clicking a link.
Secondly, be cautious of urgent notifications. Fraudulent messages often instill fear among users by insisting immediate action to prevent a disaster. Therefore, McGovern advises you to “stay alert if mimicked urgency makes you panic and act without thinking, especially if the purported sender is a bank.”
Thirdly, be suspicious of URLs that closely resemble your bank’s official website but with slight changes. These could involve an extra hyphen or using a different domain extension like ‘.info’ instead of ‘.com.’
Phishing messages could also implore you to send money, make purchases— things a bank will never instruct you to do via text. Also, beware of messages that sound too good to be true, such as an unanticipated prize announcement for a contest you never entered.
The educational website Banks Never Ask That, sponsored by the American Bankers Association, provides more insights on how to avoid banking-related phishing attacks.
How should I handle a possible scam text appearing to be from my bank?
No matter the content of the text message supposedly from your bank, consider reaching out to your bank directly before taking any further action.
McGovern advises, “dial your bank’s number that’s printed on the back of your card or the number found on their official website, and not the number that sent you the text.”
She further suggests to “refrain from clicking any link sent in the text.” Ideally, go through your usual banking website to access any necessary URL.
In essence, there’s no need for you to engage with any text messages purporting to be from your bank. Call your bank or visit its website to execute any banking tasks.
What steps should I take if I’m a target of a banking scam text message?
Firstly, capture a screenshot of the suspicious text message for reporting purposes. Then, get rid of the message to prevent accidental engagement.
Next, report the alerting SMS to both your bank and the FTC. If you disregarded the text, you can send a screenshot to your bank (corresponding email addresses are provided below) or call them to relay the information.
If you engaged with the text, such as by clicking the included link or replying, ensure you contact your bank’s fraud or security department immediately.
To report the phishing attempt to the FTC, simply send the screenshot of the message to 7726 (SPAM). You can also report the scam via ReportFraudftc.gov.
Procedures to Report Phishing Scams to Most Common US Banks
*First Republic Bank hasn’t provided an email address for reporting phishing scams on its website and hasn’t replied to an email request for it
Always remember, there’s no need to reply or click any text messages from your bank, even the authentic ones. By simply calling your bank or visiting its website whenever you receive a text message, you ensure your account remains secure.
For more financial practices, learn about the reasons to pause your Social Security benefits and how to secure free meals on your birthday.
