What is SMiShing?
“SMiShing” is really just another form of phishing, and occurs when a fraudster sends you a SMS/text message asking you to provide sensitive, personal, and/or financial information via a web link and false website, or a telephone number. The messages could appear to be from T-Mobile, or from some other entity you do business with.
Please note that T-Mobile will never ask you to “confirm” or “verify” your sensitive personal information in an unsolicited SMS text message.
While we generally need account verification information when you contact us, we will not request such information when contacting you.
The most common examples of SMiShing occur when fraudsters send text messages posing as a customer’s financial institution or other business that might have access to sensitive personal information. The message often attempt to alarm the customer. It may threaten dire consequence if you don't respond immediately. The message may direct you to a toll-free number or website that looks just like a legitimate institution’s number, but in fact it is not. Once you have called the number or clicked on the email link, they may ask you to “verify” (give them) your sensitive information such as credit card number account number and expiration date; your Social Security Number, Bank Account Number and pass code, etc.
Examples of fraudulent SMiShing messages:
- Credit Union N.A. Please call us immediately at 1-888-xxx-xxxx regarding a recent restriction placed on your account. Thank you.
- Alert!! Honolulu City & County Employees has limited your account pending verifications. Contact us NOW at 213-xxx-xxxx.
Steps to take
If you receive a text message that asks for sensitive information:
- Do not reply to the message.
- Do not click on any of the links that may be embedded in the message.
- Contact T-Mobile’s Privacy Team at privacy@T-Mobile.com and forward a copy of the e-mail so that we may investigate it. If our company name or brand is used in efforts to fraudulently obtain personal information, we will work aggressively to halt those activities.
- Contact your bank, financial institution, or other entity you do business with directly to determine if they sent you a legitimate request.
- If you believe that you have been a victim of a SMiShing scam, you should file a complaint at http://www.ftc.gov, and then visit the FTC Identity Theft Web site at http://www.ftc.gov/idtheft to learn how to minimize your risk of damage from identity theft.