It all begins when the person receiving the text clicks on the link. According to Aaron Rouse, SAC, Las Vegas FBI, “You'll have a loss of access to your device, sometimes. You'll have afforded somebody access to your device, and you'll possibly lose personally identifiable information. So it's something that we just like we say with email. If you didn't ask for it, don't click on it." Rouse also described a couple of ways "smishing" is being used at this very moment. Individuals receive a text claiming to be from AT&T saying their bill has been paid, followed by a link to claim a prize, or a text claiming to be Netflix telling the target they need to click on the attached link if they want to "keep watching." Both of these give the bad guy control over your phone in most instances.
Lisa Mesa, a smartphone user who has received numerous "smishing" texts says, “I get pre-approved for certain things, or really weird texts. They actually get kind of personal. They make it sound like they're a friend reaching out to you sometimes too. It says your appointment is ready - click on this link.”
SAC Rouse further states, “They can be anywhere. It really does depend on the scheme that's being perpetrated, and the amount of effort behind it. Sometimes we see very widespread scams. It'll go out and we quickly become aware of it because people will do the right thing, they report it to IC3.gov.”
Reporting to IC3.gov is definitely the first step if you receive one of these "smishing" texts. And it should become a habit to never click on a link you receive in an unexpected text, even if it seems to be legitimate. If you have any doubts at all contact the person who supposedly sent it and see if they actually did. If not, delete it immediately.
If you think you may have become a victim of "smishing" contact one of our Colorado Springs professional private investigators who can discuss different options you pursue.