Have you been contacted by text lately about your unpaid tolls? If so, the Arizona Attorney General’s Office is warning you and other consumers about common ‘smishing’ scams, or fake text messages fraudsters are using to trick Arizonans into downloading malware, sharing sensitive information, or cyber criminals.
“Smishing” combines “SMS,” or “short message service,” and “phishing.”
With smishing scams, the bad actors phish for consumers personal and financial information by including a phony web link in text messages that, if clicked, will take consumers to a counterfeit website. Not only is the scammer trying to steal consumers’ money, but if you click the link, they could get your personal info (like your driver’s license number) — and even steal your identity.
In 2024, the Federal Trade Commission (FTC) reported a significant increase in consumer fraud, with consumers reporting losing over $12.5 billion, a 25% jump from the previous year. The Attorney General’s Consumer Information and Complaints Unit (CIC) received nearly 22,000 consumer complaints from Arizonans about scams and deceptive practices. The Arizona CIC unit successfully recovered a record $5.2 million on behalf of consumers by working together with consumers and entities to resolve consumer complaints.
The Attorney General’s Office offers the following as examples of smishing scams:
-
Unpaid Tolls. Whether you’ve driven through a toll recently or not, you might’ve gotten a text saying you owe money for unpaid tolls. The text asks you to pay by clicking a link and entering your payment details.
-
Job Offer. You get a text out of the blue from someone who says they’re a recruiter for a company. It might even look like the text is from a company you know. Either way, you didn’t apply for a job with that company. But the text asks you to reply with some personal or financial information or click a link to follow up on the opportunity.
-
Bank Alert. You might get a message alerting you to supposed suspicious activity, or they might say to reply “yes or no” to verify a large transaction (that you didn’t make). The text asks you to reply or to click the link to confirm your banking information.
-
Package Delivery. The message might say that you missed a delivery attempt and ask you to click on a link to re-schedule the delivery. Or it could say that your item is ready to ship but you need to update your shipping preferences. Some create a sense of urgency by saying if you don’t respond right away, they’ll return your package to the sender.
-
Tax Refund. You may get a text about a “tax rebate” or some other tax refund or benefit. The text will ask you to click the link to claim “your refund.” These are especially common around this time of year.
According to the Attorney General’s Office, things you can do to avoid being a victim of a smishing attempt include:
-
Ignore messages from unknown numbers claiming to be financial institutions, shippers, government agencies, and private companies.
-
Never click links, reply to text messages or call numbers you don’t recognize.
-
Do not respond, even if the message requests that you “text STOP” to end messages.
-
Delete all suspicious texts. Look for red flags in the text message, like misspellings or directions pressuring you to act quickly.
-
Protect any sensitive personal information – bank accounts, health records, social media accounts, etc. – by using multi-factor authentication to access it.
To help you cut down on spam texts:
-
Update your device. Make sure your smart device OS and security apps are updated to the latest version.
-
Use filters. Check if your mobile phone has options to filter and block texts from unknown senders– here’s how to filter and block messages on an iPhone and how to block a phone number on an Android phone. Many robocall blocking apps can also block text messages.
-
Report unwanted messages. Use your phone’s “report junk” option or forward unwanted texts to 7726 (SPAM). If you believe you have been a victim of consumer fraud, you can file a consumer complaint by visiting the Attorney General’s website.
