Back to Blog

Smishing Scams: Don’t Click the Link!

Concerned Woman Looking at Cell Phone

Have you ever received a text message or phone call from someone claiming to be a company you have done business with, but something just felt wrong? The message indicated that something was wrong with your account and urged you to click a link to fix the issue, but it took you to a website that didn’t look quite right. If so, you may have been the target of a popular scam.

The scam works like this: the fraudster sends a text message posing as a business. In their communication, the premise is typically that “there is a problem with your account” or some similar issue, and they provide a link to click or a website to go to in order to fix the problem. However, the link or website that they provide is not actually the company’s website. Instead, it is a mock website created by the fraudster. When the victim puts their information into the website, their personal information is in the fraudster’s hands.

This scheme is known as smishing, which has been around for a long time in various forms (spam emails are a particularly old and common method), but this particular variant has gained significant popularity recently. The scheme can be particularly harmful if the fraudster is using your credit union or bank account as the bait. Posing as your financial institution, they could use the information you supply to change your password, lock you out of your accounts, send money to themselves or a third party, or otherwise wreak havoc on your finances.



We can only speculate about why fraudsters gravitate to certain scams, but there are a few reasons why smishing could be growing in popularity:

  • Switching tactics: phishing—the email version of smishing—began in the 1990s and soon became commonplace. Since then, however, many email providers have developed effective spam filters that make it much less likely for phishing emails to be successful.
  • Trusted names: people are likely to trust organizations they interact with on a regular basis and are used to receiving texts from businesses. They may be more willing to follow the instructions laid out by the fraudster.
  • Fast moving platform: most smishing scams include some kind of threat of consequence, such as the target’s online banking being locked if they don’t take action. By creating a sense of urgency in a text, where people tend to move quickly, the fraudster reduces the likelihood that the target will think critically about the situation.
  • Spoofing resources: in recent years, there has been a major growth in the accessibility of services that allow an individual to “spoof” a phone number. Spoofing allows fraudsters to make it look like they are calling or texting from a legitimate number, such as the number a trusted company lists on their website. This can make the call or text look much, much more convincing than it would otherwise, as it seems to be coming from a valid source.



At first it may seem like it will be difficult to spot, especially since the phone number might even look like the right one! Fortunately, there are a few key differences that can help you spot a scam more easily. Here are a few details to watch for:

  • Don’t click links: If the text message asks you to click a link, there’s a good chance that it is fraudulent. If it is really your financial institution asking you to do something, they are much more likely to ask you to go to their website and log in, as that is much safer.
  • Be skeptical of threats or consequences: Scams will almost always include some kind of threat to create the urgency discussed earlier, while legitimate communications will likely not. If the communication feels like it is pressuring you, it could be a scam.
  • Don’t trust unexpected communication blindly: Were you expecting any kind of contact from your bank? If you were expecting to hear something from your bank (perhaps a one-time passcode, password reset link, or something similar) and then you receive a text message from them, there is a decent chance that the communication is legitimate. If you receive something out of the blue, there is a good chance that it is fraudulent.


Edge Security

Protect Your Identity with Edge Pay

Monitor your credit and secure your finances with our modern debit card.

Learn more



The first step is, of course, to ignore it. If you click no links and don’t respond, you will keep yourself safe. You may also become less and less appealing of a target for scammers, and may receive fewer attempts in the future. There is no guarantee of this, of course, as many fraudsters simply contact every phone number that they can generate, but certain fraudsters do keep notes on which numbers do or don’t generate leads. Staying on the “no leads” list could make things easier in the long run.

The second step is to contact the company and inform them that you have received a scam call or text from someone posing as them. It is important to note that even if you were contacted by a spoofed number, if you dial the number yourself, it will go to the right place, and so it is safe to call the company. This allows the company to keep track of how many of these attempts are made, and communicate with customers if they believe it is necessary. Many businesses will put a banner on the top of their webpage, send an email, or otherwise attempt to inform their customers that these scams are taking place, and that customers should be extra careful.

Additionally, calling the company allows you to confirm whether the communication was actually from them. Sometimes, you may not be completely sure if the text message received was a scam or legitimate, and that’s ok. The safest thing to do in this situation is to disregard the communication you are unsure about, and call. If there genuinely is a problem of some sort with your account, the customer service rep should be able to help you resolve it. Calling serves the dual purpose of allowing you to validate the legitimacy of the text you received while also informing the company about the scam (if it was one).

While the world of scams can be frightening, it is important to remember that by keeping a level head, taking a moment to think critically, and staying in touch with the business, you can keep your personal information, your money, and yourself safe, no matter how clever the scammers try to be.


Worried about Your Credit?

This eBook can help you protect and improve your score.

Download the eBook

About Risk Management Department

Our vision is to empower possibilities for greater prosperity for Vermonters. Part of fulfilling that vision is protecting our members’ accounts against unauthorized access. The security of your personal information is a top priority for VSECU. Are you afraid that your financial information at VSECU has been compromised? Please contact us immediately at 1-800-371-5162. We can help with the process of securing your accounts and may even be able to help mitigate your loss.

Reading on Phone

Stay informed

Stay up to date on financial tips, tricks, and tools that will build your financial literacy and help you live a more prosperous life.

Subscribe now!