Trust Betrayed: How Scammers Exploit Relationships in Text Message Phishing Scams

by | Jun 8, 2023 | Articles, Cyber Security, Technology

Scammers are nothing new but as technology evolves, so do scammer tactics. A newer, and quite prevalent, form of cybercrime is text messaging phishing scams. These scammers fraudulently present themselves as your boss, coworkers, or others you may know in an attempt to deceive you. They’re preying on the fact that you may not pay attention to the number that’s texting you as long as they identify as someone you may know.

Text messaging phishing scams involve bad actors utilizing deceptive techniques in an attempt to trick individuals into revealing sensitive information, carrying out unauthorized actions, or purchasing gift cards. By impersonating someone known to the victim, scammers attempt to exploit trust and authority to manipulate victims into complying with requests. 

One such scammer attempted to target one of our employees this June and it quickly felt off. The employee immediately reached out to the colleague that the scammer was impersonating to confirm the conversation and was met with a resounding no. After that he called the scammer out and notified the FTC of the scam attempt. We’ve included a screenshot of that conversation, including the scammer’s phone number so you can be aware – and in case you need to see it bigger, the number the scammer used was 917-271-9313. Please note, certain personal information has been removed from the screenshot.

How the Scam Works:

  1. Scammers will initiate conversation by sending a message that either appears to be from a legitimate source or is a new number. They’ll identify themselves as a colleague you may know. They may also spoof, or fake, the phone number to make it seem authentic. 
  2. They will create a sense of urgency by claiming a time-sensitive matter or task. This may involve sharing sensitive data, transferring money (or in our case, buying gift cards), or performing actions that will benefit the bad actors. 
  3. Scammers rely on psychological manipulation to gain a victim’s trust and compliance. This may include using personal details that are available online or creating a plausible story. 
  4. They may use official language, industry jargon, organizational hierarchies, and more to appear authentic.
  5. The consequences for falling for one of these scams can result in financial loss, compromised personal information, or even damage to your professional reputation if the data breach is bad enough. 

How Should You Protect Yourself?

There are a lot of tips we can give to protect yourself but the biggest one is the most important: 

Don’t trust unknown contacts, even if they’re saying they’re the person you’re speaking to. Take thirty seconds and reach out to the actual colleague or person via the information you have for them in your address book. 

  1. Analyze the Message. Pay attention to the language and formatting of the message. Spelling mistakes, use of the word “kindly” in a request, and grammatical errors are all signs of something amiss. Your boss will never ask you to get gift cards for a presentation. 
  2. Avoid Sharing Sensitive Information. Never share personal or financial details via text message. Personal information is fine being shared with a contact you know and can confirm. But never share financial information via text. A business or bank will never ask for it via text message. 
  3. Implement Two-Factor Authentication. Enable Two-Factor Authentication (2FA) on any account that gives you the ability to use it. 2FA adds a secondary verification method – text, email, physical security key, or authenticator app – for accessing your accounts. 
  4. Educate Yourself. Keep up to date on the latest scams and share that knowledge. Foster open conversations in the workplace about cybersecurity and how to stay vigilant for scams. 
  5. Report Suspicious Messages. If you feel you’re a victim of a phishing attempt, you should immediately notify the Federal Trade Commission, your organization’s IT department, your mobile service provider, and possibly your local authorities. The FTC has a dedicated website for reporting fraud and reports are taken seriously, as SMS fraud is a felony. 

Text messaging phishing scams are engineered to exploit trust and authority associated with your bosses and colleagues. They pose a serious threat in today’s digital landscape. Making yourself aware to these scams and implementing preventative measures at your place of work, and in your own life, can protect yourself from falling victim to these types of fraud.