Blog

Smishing/Tishing: What To Look Out For

Posted August 23, 2022 in Articles
Photo of Jonathan Smith
by Jonathan Smith
Fraud Operations Manager, CFE

What Is Smishing?

In the fast-paced world we live in, Short Message Services (SMS) have become an easy and convenient way to share information quickly. Commonly referred to as a “text message”, SMS was first thought of in the early '80s, experimented with in the '90s and became mainstream on most mobile phone devices by the mid 2000s. The premise was and still is, to send a short message that is less than 160 characters for quick communication.

Today, text messaging is a standard communication in society. It is used to distribute information to large groups, quick messaging between friends and family, and for two-factor verification of authenticity to fight against fraudsters attempting account compromise or takeover.

While this tool is very effective when used correctly, we have seen many instances of text messages used to defraud individuals of their hard-earned income. This type of fraud is usually called “Smishing” or “Tishing” and is like Phishing but related to Short Message Services and Texting. Most commonly, fraudsters will send out text messages to members pretending to be from a legitimate organization such as the Internal Revenue Service (IRS), Social Security Administration, or even another bank or credit union.

What Does A Smishing Text Message Look Like?

Smishing text message example.

These text messages can include directions to call a number and speak with a representative pretending to work for the agency or institution. Often the fraudsters make the message seem urgent, stating the member's account was “compromised by fraud and needs immediate action before the account is closed by a representative.” These claims are false and are another attempt by fraudsters to get members to cooperate with their scams.

More recently, fraudsters may include a hyperlink in the text message to a fake website or domain in an attempt to gain access to a member's end-user device, such as a mobile phone or iPad. Members should use extreme caution when using hyperlinks via text messages or emails. Hyperlinks can contain embedded software giving virtual “consent” or even tracking software that is downloaded to a phone or device, both of which commonly can happen without the member's knowledge.

Many a public service announcement has been sent out from Federal Agencies, utility, technology, and e-commerce companies stating they will not attempt to collect funds from individuals via text messages.

2 Key Things To Remember To Protect Yourself:

  • Coastal will never attempt to solicit member's personal identifiable information (PII) or account information through a text message.
  • Think twice before willingly providing information through these channels and always attempt to verify information before giving access, especially to individuals who seem urgent or in a hurry.

Looking For More Fraud Protection Tips?

At Coastal, we will keep you informed 24/7 about the latest risks so you stay vigilant in the fight against fraud.

Coastal's Fraud Prevention Tools

The fraud and security tools you need, right at your fingertips!

Related Posts

  • Articles

Coastal Credit Union offers 4 key ways to protect yourself from ransomware.

  • Member Tips

Keep yourself protected from phone scams with this helpful blog.

  • Articles

Imposter scams come in many forms, but work the same way: make sure you are aware of these 3.