In a FOX 32 special report: a new wave of scams targeting text messages is on the rise.
It's calling “smishing,” where thieves pretend to be companies, trying to get your account information.
So how does it work, and how can you protect yourself?
“Now you're kind of seeing an uptick and a wave of smishing, so that's text messages that are coming in on your phone,” said Bill Hardin, VP of Charles River and Associates.
Hardin says texting is the way many of us now talk and bad guys want to confuse you through text by pretending to be a utility, store, even your bank to get your account information.
“You've got all these filters and everything within email, but on text messages, you really don't have that kind of filter attribute associated with it,” Hardin said.
So Hardin and his team demonstrated for FOX 32 just how easily and quickly criminals can set up these fake sites and send you bogus messages meant to trick you into handing over usernames and passwords.
“We're going to play the bad guy – all right? And with that, we're going to start a campaign,” Hardin said.
For this example, Hardin created a fake "Verizon" website. It's identical to the real thing, except for the URL.
“Step two is - now I’ve got to go acquire data, so I’ve got to buy phone numbers that I want to go out and smish,” he said.
Hardin says criminals can buy thousands of phone numbers for cheap. He'd then send a bogus message to the numbers he bought with a link to his site, not Verizon’s.
“I sent the message, I have users that clicked, I have users that entered in credentials, and now I have all of these usernames and passwords,” Hardin said.
Hardin says this database of usernames and passwords can go for thousands on the dark web, and only took minutes to set up.
“It's quick, it's cheap, yes,” Hardin said.
What's also quick and free is how you can protect yourself.
“Rotating your username and password is always a great start,” he said.
That way if criminals try and use your credentials, they won't work, protecting your identity and bank account.
Other ways to protect yourself is if you get a text from a company or organization, don't reply direct or click any links. Contact the company directly to verify if the text is legit.