that bank text on your phone is likely fraud – here’s what to do next
How to recognize fraudulent texts and protect yourself
Think back on the number of times your bank has sent you unsolicited texts in the past year. Hold that number in your head.
Now, if your bank sent you an unexpected text today, asking if you wired $7,500 to someone, would you consider that business as usual?
Probably not.
Unfortunately, bank impersonators are increasingly becoming more common. Fraudulent bank text messages are on the rise, representing the most common type of text messaging scams now reported to the Federal Trade Commission.
And these scams are getting very sophisticated. In 2022, American consumers lost more than $330 million to these “smishing” attacks – a mash-up of SMS and phishing.1, 2 In the same year, 76% of all organizations experienced smishing cybercrimes, IBM reports.3
Fortunately, you are equipped to stay two steps ahead of fraudsters. Here’s how to smish-proof yourself.
6 tell-tale ways to spot a text scammer
If you receive a random text from your bank that includes an urgent request, information about a new product, and/or an embedded link, do not consider it business as usual. Consider it a potential scam.
Here are six fast ways to tell when a “bank” text doesn’t pass the smish test:
You don’t recognize the number, kinda. If the number attached to the text is not identified as one of your contacts, don’t trust it. But do check the number carefully – smishers use spoofing software and technologies to create fake numbers that look a lot like ones you know – including your own phone number.4, 5
It includes a tempting link. A link should always be a red flag. A hoax link or attachment might take you to a phishing website designed to collect more information from you (like a password), or download malware that will spy on your online activity and steal sensitive data from your device. Do not click anything.6, 7 The website may even look legitimate, so make sure you check the URL to ensure that it is actually your bank’s website. Another way to test if a site is legitimate is to exit the site and enter your bank’s website how you normally would and attempt to find the page from the text.
The texter wants to “confirm” your deets. A text that asks to verify any personal information, even a phone number or transaction, is suspect. The sender is looking for information to access your bank account. Your bank would not request sensitive info in a text.
It’s hair-on-fire urgent. Scammers strive to trigger alarm and force action. If a message demands an immediate response – it might, for example, tell you to contact a linked “bank representative” to clear up suspicious activity – the only immediate action you should take is to report it.
It gets a “C” in grammar. Uncommon wording and spelling mistakes are a common giveaway of fraud texts – think “kindly” instead of “please” and mixing plurals and singulars. Also, a scam is more likely to be overly familiar (Hey, Bill!) or overly formal (Dear sir or madam). It’s important to know that as artificial intelligence becomes more commonly used to write emails, the grammar may not have as many mistakes as it used to.
It’s giving you a deal! Any message that appears too good to be true is, well, you know the rest. Your bank is not permitted to send you promotional materials unless you’ve opted to receive them. It also wouldn’t alert you via text if you had a sudden windfall.8
Protect your account from text scammers: 3 guidelines
If you receive a text alleging to be your financial institution, do not click on any of the links and do not respond. Report these texts using the report spam prompts on your phone, block the contact from messaging you again, and then call your bank directly (use the number on the back of your bank card or from its website). Remember, these text messages are designed to make someone panic so they act quickly without thinking. Take a moment to pause before acting.
In the meantime, these guidelines can protect you from becoming a target of smish scammers.
1. Ask your phone to protect you. Devices that use Apple or Android operating systems are equipped to filter out suspicious texts and unknown numbers (check your settings). Many major wireless providers also offer services to block or flag calls. Lastly, install two-factor authentication on your accounts to ensure security.
2. Ignore the sender. If you are not 101% sure of a text’s sender, do not respond, even to type “Stop” or “No.” Once you do, you’ve confirmed you are active on the device and an imposter pretending to be a bank representative will call and request more information, or the scammer will sell your active number on the Dark Web.9
3. Keep your numbers to yourself. Never share account numbers, card numbers, social security number, or even your birth date with an unconfirmed contact. Personal identity details can be used to cobble together a fraud profile of you. Your financial institutions already have this information on file.
Send a message. Poach a scammer.
If you’ve received what you believe is a scam text, copy it and forward it to 7726 (SPAM), a spam reporting service that helps wireless providers recognize and block similar incoming messages.10, 11
However, if you think you’ve actually been scammed or “smished” by a fake text, call your bank. Then report it to the Federal Trade Commission via its Report Fraud site, right away. Together, we can reduce smishing, prevent theft, and carry on business as usual.
First Financial Bank will never send you a text or email seeking personal or account information. If you suspect someone is trying to scam you or access your account, contact us. Curious about other scams? You can learn about five common phishing scams you might not recognize on our blog.