What is Phishing & Smishing?

Phishing and Smishing are methods criminals use to trick you into giving them personal financial information. The criminals are after details like credit card numbers, bank account numbers, social security numbers, passwords, and other sensitive information. They use that information to steal your money or use your good name to open new loans or credit cards. Phishing uses an email message to gather that information. Smishing uses an SMS text message to your phone.


Both Phishing email messages and Smishing text messages are designed to fool you into giving your personal information voluntarily by pretending to be your financial institution or another company you trust. Usually, they will tell you that your bank account, your credit card account, or other electronic payment account, needs to be “updated” or “validated.” The message will say there are dire consequences if you don't take the action – for example, the account will be closed or frozen. The message typically gives you a link or a phone number. You are told that if you follow the link, or make the call, the account can be updated or validated to fix the problem. It is your response that allows the criminals steal your information. The web site is a fake, set up to look legitimate; but, any information you enter is captured directly by the thieves.


The Justice Department suggests three simple steps that will help you avoid being a victim of Phishing or Smishing fraud and theft. First, STOP. The message is designed to get an immediate reaction from you by making it seem like an emergency. Do not click any link or call any number included in the message. Instead...LOOK. Think about the message. Does it make sense that your account would be closed if you don't respond immediately to a link in an unexpected message? A safer choice would be to log in to your account normally. Don't use the link or phone number inside the message. Just log into your account the way you typically would. If you don't see any problems or alerts when you log in normally, you know it's not a legitimate message. Finally...CALL. Use the toll free number on your card...or a telephone number listed in the phone directory. Tell the company or financial institution that you received a suspicious message. If there is a real problem, and chances are everything will be fine, you'll know it was a scam. However, by calling the financial institution or company, the legitimate contact can put your mind at ease, and also warn other customers.