Smishing: What It Is and What You Need to Know About It to Keep Yourself Safe

Have you recently received a package from FedEx, UPS or another delivery company? If you’re like many Americans, the answer to the aforementioned question is yes. After all, Amazon alone sends about 3.3 billion packages worldwide yearly, many of which are delivered to customers in the United States. 

Generally, receiving a package is a positive experience. This year, however, many customers are disenchanted by a scam surrounding shipping. FedEx users have been receiving messages that appear to be sent from FedEx itself. For the most part, these communications have been primarily over text messaging. 

The messages often include a fake tracking code and an option to customize delivery preferences. If a user follows the link provided within the message, a satisfaction survey is loaded that eventually asks the viewer for his or her credit card number to unlock a free gift. Of course, there is no free gift, and the intent of the attack is to steal someone’s credit card number. 

This kind of scam is called “smishing,” which is a form of phishing. When someone fraudulently tries to obtain your private information by sending you a text message, he or she is smishing. As a general rule of thumb, trustworthy companies do not send voluntary communications that request money or personal information.

If you get a text that asks for personal information on behalf of a company, you should proceed with caution. The best thing to do is to check the company’s corporate website and call their office to make sure the information request is legitimate and has sound rationale for why it’s needed. If the communication is a large scam, the company may even release a statement informing its consumers. 

What Are the Signs of Smishing?

Deceitful texts often come from numbers that are abnormal. For example, a “5000” number might send you a text that’s a smishing message. When you see a 5000 number, you can assume that the message you’re reading is actually sent from a computer.

Additionally, if you get a text link that you’re not sure about, avoid clicking on it. Even if the text message includes a link from a friend, it’s a good idea to verify with him or her first that they actually sent the link before you open it in a browser.  

Another technique that’ll keep you out of trouble is asking yourself if the offer is too good to be true. Sometimes you do find great bargains and opportunities, but generally these aren’t sent directly to your phone via text.

Also, if an offer has a time limit or a severely limited quantity, proceed with caution. Scammers are smart. They want you to make decisions fast before you have the time to think them through. 

If an offer really exists, chances are you won’t need to seal the deal in a short period of time. If you’re worried about potentially missing a great offer, call the company to verify the information with them directly.

Before you call the company, you can also look at the link that you’ve been sent. Do not click it, but analyze its format. Specifically, look for mismatched information. If the text is supposed to be from FedEx but the URL is for something like www.shippinginfo.com, chances are it’s a smishing attempt. 

Another time-based tactic scammers use is a fake emergency. For example, you might get a smishing email after a natural disaster from a scammer who’s claiming to be an aid group. He or she might use the sudden emergency to convince you that you need to donate money quickly before it’s too late. 

Scammers are also known to use communications that are secret. If the text says something like, “Click this link for a free gift, but don’t tell your friends and family, as quantities are limited,” there is a pretty fair chance the SMS is a scam. You should never have to keep a transaction secret. You can feel free to discuss all offers you see with your friends, family, financial advisor, etc. 

Although offering an incentive is a common smishing technique, sometimes these messages include threats or negative sentiment. Any message that uses intimidation and demands something of you is likely a scam.

If you get a text that says something like, “Can you believe it, this photo of you online is SO embarrassing” and a link is included, it’s probably a malicious link that is meant to steal information from you.

Alternatively, you might get a text that reads something along the lines of “Your bank account has been compromised, if you do not log in now, your assets will be seized.” Again, this is probably a scam and a message to review with great scrutiny. In this case you would want to call your bank directly to check on your account.

Also, any time someone is trying to give you money over text, chances are he or she is scamming you. Scammers take advantage of you by saying they are going to send you money, so they need your bank account info.

Of course, once they have the info, they never send money. Some scam artists will even send you a counterfeit check or money order. When you cash it in the bank, the con artist will generally reverse the transaction, and then you are responsible for any amount of the funds you’ve spent in the meantime. 

Another thing to be wary of is a vague offer. If you get a text that says something like, “Get an extra $500 for your next vacation,” but it doesn’t say who it’s from or why you are getting it, chances are it’s not to be trusted. Additionally, if contact information is lacking, it’s a huge red flag that the offer isn’t actually available. 

A criminal posing as the government or another large authority is a common calling scam that’s moved to smishing. For years, victims have been called by scammers who claim they are the government or a government agency. The criminal might say, “This is the IRS, and your taxes flagged our system; you may be subject to jail time if you don’t sign into your account today.”

A message like this has many red flags; it claims to be a government agency, it makes a threat and there is a deadline associated. Governmental agencies generally don’t send texts. 

This likely goes without saying, but also look for grammatical mistakes.

Shockingly, even advanced con artists will make glaring spelling and grammatical errors. Any message that doesn’t read right or has large oversights is probably not from a legitimate company. If it were, the message would be proofread and revised several times before it was broadcasted. 

Double Checking

There are also behaviors you can start performing to mitigate your risk. First, monitor your bank accounts and finances often. At first, a scammer might only put a small charge on a card, so small you don’t notice. Then, down the line, he or she places a large charge on your card, assured you won’t catch it because you didn’t notice the first.

If you see any questionable purchases you don’t remember making, immediately call your bank and get them to look into the transactions. If a scammer has your info, you can reverse the transactions and block him or her from your account. 

Another thing to do is to see if you’re on the web anywhere. Some scammers purchase cell phone numbers online that hackers have collected during data breaches. A computer company can help you locate places your number might be posted online and help you remove your private information so scammers are less likely to send you smishing communications. 

A smart technique to keep your data from being stolen in the first place is to only have accounts with reputable sites. Additionally, you should focus on keeping your online accounts safe by having each one carry a different password.

This way, if one of your passwords is hacked, a criminal will only be able to access your data on that specific platform. If you share passwords across platforms, once a hacker knows this info, he or she can break into many of your accounts and do a terrible amount of damage in a short time. 

Reporting a Smishing Scam

The FedEx scam came to the media’s attention because people reported the smishing attempt. When you suspect you might be experiencing a scam, you should first check with the company. If the company doesn’t confirm the communication is from them, report the scam to a government agency.

First, take screenshots of the scam as well as related information. Then you can send the agency the information so they can make sure to protect you and other citizens alike. Of course, you should also let the related company know what’s going on so they can inform their customers if need be and begin to troubleshoot the issue from their side, too.

Stay Safe

Hopefully you didn’t fall victim to the FedEx scam. Regardless, the information above will help you avoid falling prey to the next big smishing attack. Also, as always, if you are having any kind of difficulty either understanding or taking the necessary steps to protect yourself from smishing, consider reaching out to HelpCloud Technicians for remote support.

Your Personal IT Team, Anytime, Anywhere!

24/7 Support

Explore Services

Get 24/7 Peace of Mind With Remote Tech support

We’ll help you with any question, concern or issue.

Get Specialist Assistance

About the author

Photo of Erik Fullmer

Erik Fullmer

Erik was raised in many places but has long since called Utah home. Rooted in mountains, he spends a lot of time with his dogs in the mountains and in the winter he skis… a lot.

Erik is actively earning the necessary certifications and training to become a certified AMGA Ski Guide.

With over a decade of content writing experience, Erik finds passion when writing for the tech and outdoor recreation industries.