You’re going about your day when ping – a text pops up from what looks like your bank. It reads, “Urgent: Suspicious activity on your account. Tap to verify.” Seems pretty serious, right?
But here’s the thing, it might not be from your bank at all.
Scammers are sliding into texts, emails, even DMs, with messages that are designed to trick you into revealing personal or financial information. Two of their favorite tactics for this? Smishing and phishing. And while the names might sound silly, the consequences are anything but. Let’s break down the differences and show you how to keep your guard up.
Smishing: Scam Texts that Look Legit
Smishing stands for SMS phishing, and it’s exactly what it sounds like: scammers sending fake text messages to get you to take the bait. These messages might claim:
- You’ve missed a delivery.
- Your account is locked.
- Your payment failed.
- Your bank needs to “verify” your identity.
They often include a link that takes you to a fake website or prompts you to call a phony number. the tone is urgent, the request is immediate, and the goal is always the same – get your information, fast.
Example:
“PSECU Alert: Unusual activity detected. Please verify immediately at psecu-security-alert.com.”
Red Flags:
- Slightly off URLs (like psecu-security-alert.com instead of psecu.com).
- Messages from short codes or unknown numbers.
- Pushy language or threats (“Your account will be suspended!”).
Phishing: Email Scams in Disguise
Phishing is the email equivalent of smishing. These emails often mimic the look and feel of legitimate companies using their logos and colors, and even the sender addresses can seem real at first glance.
Common phishing email themes include:
- Fake invoices or overdue bills.
- Account login warnings.
- “You’ve won a prize!” messages.
- Fake charity donation requests.
Example:
An email that looks like it’s from your streaming service saying your payment didn’t go through and you need to update your billing information, only the link sends you to a fake site that steals your credentials.
Red Flags:
- Poor grammar or typos
- Urgent or threatening tone
- Suspicious attachments
- Links that don’t match the sender (hover over it to check!)
Same Scam, Different Delivery
At the end of the day, smishing and phishing are two sides of the same scammy coin. They might use different platforms, but the approach is the same: create panic or urgency; pretend to be trustworthy; and ask you to click, tap, respond, or share sensitive information.
How to Outsmart the Scammers
You don’t have to be a tech expert to protect yourself. These quick tips can help you dodge both smishing and phishing attempts.
- Slow your scroll. Don’t let urgency cloud your judgement. If something says, “Act Now” or “Immediate Action Required,” take a deep breath and think it through.
- Don’t click suspicious links. If you get a message with a link, don’t click it. Instead, go directly to the company’s official website.
- Never share sensitive information through text or email. Legitimate organizations, especially your financial institution, will never ask for personal information this way.
- Verify it. Look closely at the sender’s email or phone number. If it seems off, it probably is. If you can, contact the sender or caller directly through a known phone number or email.
- Turn on multi-factor authentication (MFA). Adding an extra layer of security to your accounts makes it harder for scammers to gain access, even if they get your password.
- Stay updated. Make sure your phone, browser, and apps have the latest security patches and updates.
- Report it. Take a moment to report it. You can forward scam texts to 7726 (SPAM) and use your email provider’s report phishing option. (Consider adding abuse@com for a way to report scam or malicious emails.
Remember, scammers are good at looking legit, but you’re even better at catching the clues when you know what you’re looking for.
If You’ve Already Clicked – Don’t Panic
Mistakes happen, and scammers are really convincing. If you’ve already clicked a suspicious link or shared information, don’t panic. There are still steps you can take to limit the damage.
- Change your passwords immediately. Especially if you use the same one across multiple accounts.
- Enable MFA. This addsextra protection and prevents unauthorized access.
- Monitor your accounts. Look for any unfamiliar transactions or logins. Set up account alerts if your financial institution offers them.
- Notify your financial institution. If you shared payment or account information, they can help secure your account or issue new cards if necessary.
- Run a security scan. This checks your device for malware or tracking software that might have been installed.
- Stay alert for follow-up attacks. Scammers may try it again once they know you took the bait the first time. Be extra cautious moving forward.
And most importantly, don’t beat yourself up. The fact that you’re reading this now means you’re already getting smarter about how to protect yourself.
Stay Scam Smart
Smishing and phishing aren’t going away, but the more you know, the better equipped you’ll be to spot and stop them. Keep your eyes open, your instincts sharp, and your personal info protected. Because when it comes to scams, catching the clues means keeping your cash.
Need more fraud-fighting tips? Visit psecu.com/fraud to stay one step ahead of the scammers.
The content provided in this publication is for informational purposes only. Nothing stated is to be construed as financial or legal advice. Some products not offered by PSECU. PSECU does not endorse any third parties, including, but not limited to, referenced individuals, companies, organizations, products, blogs, or websites. PSECU does not warrant any advice provided by third parties. PSECU does not guarantee the accuracy or completeness of the information provided by third parties. PSECU recommends that you seek the advice of a qualified financial, tax, legal, or other professional if you have questions.