Beware of 'phishy' text messages on your cell phone
[PHOTO: P. Eng, Consumer Reports]
I almost fell for a rather clever phishing message sent to my cell phone, not my computer's e-mail inbox. A text message from "Unknown" popped up on my cell phone, warning me that my "Card" with Chase had been deactivated. To reactivate it, all I had to do was call the toll-free number listed in the message. (See image at right.)
Because I have several accounts with Chase—and I do take advantage of "Chase Mobile Banking"—I nearly pressed the "Call" button to reactivate my card.
But on closer look, I realized this was a scam. Here's what tipped me off:
- The "Unknown" sender. All the previous official alerts from Chase to my cell phone were clearly identified by a specific ID number clearly linked to "Chase" in my phone's address book.
- The "Card starting with..." text. Most banks use "Your account ending with..." not, "starting with."
- The improper capitalization. "...has been Deactivated."
- The incorrect account number. I don't have any Chase accounts starting with 511182.
Thankfully, I didn’t press the "Call" button on my cell phone. But I did phone Chase's official customer service line (1-800-436-7927) and was quickly connected with the Chase bank's online fraud and security center. The Chase representative told me the bank is aware of these phishing text messages, but the version of the phish they had on record had a different toll-free number. They noted the details of the phishing message I received and said they'd monitor my Chase accounts for any suspicious activity since this appeared to be a "new type of fraudulent e-mail."
Out of curiosity, I did call the phish's toll-free number using my office phone and got an automated message that simply said, "Thanks for calling" and then disconnected. My guess: The purpose of this spam is simply to identify "marks" or targets for even more cleverly designed text messages. At the very least, the phishing phone number has confirmed an unsuspecting person's cell phone number as a valid number—and possibly targeted for future telemarketing calls?
What do you think? Have you ever received a suspicious text message like this? If you replied, what happened? Weigh in below.
For more help, see our video, Cell Phone Spam, and read our advice on avoiding online threats and identity theft. –Paul Eng
Previous
Posted by: Jerry | Oct 26, 2009 1:25:13 PM
Ana, call your cell service provider to see if there is any option to disable that message. OR disable text messaging altogether if you do not use text messaging (again, ask your service provider.)
Posted by: Jerry | Oct 26, 2009 1:23:31 PM
I have receive such a text message. It goes as follows:
From: jfmpkf@messaging.sprintpcs.com
JPMorganEFS Has Limited Your5111-82AccountAccess.
ToReactivate Call:(405)237-3800
I reported not only to Chase but my own security investigation department in my own company. I think it is kind of stupid since you would think the FBI can find out who owns those numbers. So basically, it is easier to track than a website.
Posted by: Paul Eng | Oct 26, 2009 10:08:37 AM
Hi Ana,
I'm sorry you're getting these fraudulent messages on your phone, too!
My colleague, Mike Gikas, wrote a great piece that might help you. See:
Cell-phone spam: How to curb it
http://blogs.consumerreports.org/electronics/2008/03/cell-phone-spam.html
Good luck and let us know how your situation turns out!
--Paul Eng
Web Senior Editor, Electronics
Posted by: Dave S | Oct 25, 2009 11:58:14 PM
When you, Paul receive a spam text message why do I automatically get spam in my RSS reader? You work for Consumer Reports and you "nearly pressed send"? Sheesh. Disappointing article.
Posted by: Ana | Oct 25, 2009 3:43:50 PM
I have been getting a ton of these in the last week. I get charged per text message and I am tired of these. How do I report it?