February 24, 2009 1:14 PM PST

'SMiShing' fishes for personal data over cell phone

by Elinor Mills

When we think of phishing attacks, in which scammers try to lure sensitive information out of Internet users, we think of fake official-looking e-mails and Web sites.

But you don't even need to be online to get phished. A phishing attack making the rounds tries to dupe cell phone users into revealing their personal data over the phone. It uses SMS messages, which makes it a "SMiShing" attempt.

It all starts with a spam text message purporting to be from a financial institution. In this case, it's from a source identified as KeyPoint Credit Union, warning that an account has been locked and providing an 888 phone number to "verify" the account, said a CNET News reader who received one of the spam text messages on his Sprint phone.

When the phone number is called, an automated message prompts for Social Security number, credit card number, and driver's license number, he said.

"Every carrier has seen it," Matt Sullivan, a Sprint spokesman, said on Tuesday. "We have filtering technology that we are constantly updating to try to weed out some of this."

Asked how spammers get hold of the phone numbers, Sullivan speculated that they are using a random auto-dialer. Even if only 1 percent of the people called expose their information, the SMiShers are successful, he said.

Customers can block specific numbers that keep calling, but for most spammers that isn't effective, as they usually take one shot at the phone number and then move on, Sullivan said.

Sprint has had a fraud alert on its Web site for about a year about SMiShing, but reports go back to at least 2006.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
by WindySkys February 24, 2009 1:57 PM PST
"Customers can block specific numbers that keep calling," ...Not if you're a Verizon customer you can't, they do not allow you to block specific numbers. I have personally tried to get Verizon to block numbers and been told by their customer service that they don't have that capability. Friends of mine finally turned off all text messaging because Verizon claimed they couldn't block the spam they were getting.
by WJM123 February 24, 2009 2:44 PM PST
Elinor's article is just another example of the scams that are out there. The worsening economy doesn't help and will only create more clever scams. While most people do recognize scams like the one she describes above, there are still those who do not. Never give out credit card numbers over the phone or other financial information and you can avoid becoming a statistic.
by n3td3v February 24, 2009 2:47 PM PST
"Smishing" is an awful word, who decides on these buzzwords?
by Identity-Theft-Speaker February 24, 2009 6:53 PM PST
It's PHEXTING, like phishing when texting is PHEXTING. See here http://www.finextra.com/community/Fullblog.aspx?id=2495
by cylockholmes February 26, 2009 12:47 PM PST
I just got a net10 phone no more than a week ago. Brand new. I haven't given the number to anyone yet as I had probs and they sent me a new sim card. SURPRISE, I got a message (while my phone was "out") from a stacyf08cfi.
She was supposedly part of a yahoo group and the message said "just press y as return message"
Naturally I didn't, but am curious as to what they were trying to do. I searched the name, nothing.
Closest I got was a stacyf which turns out to be a baby's "profile."