Zoonop

Surge in SMS Phishing: Fake Delivery Texts, Shortened URLs Lead to $470 Million in Consumer Losses

Image for Surge in SMS Phishing: Fake Delivery Texts, Shortened URLs Lead to $470 Million in Consumer Losses

SMS phishing, or "smishing," scams are rapidly increasing, with consumers losing an estimated $470 million to text message fraud in 2024, a significant rise from previous years. These deceptive messages often leverage shortened URLs, such as those from t.co, to trick recipients into revealing sensitive personal and financial information. The prevalence of fake delivery notifications, impersonating legitimate carriers like FedEx, UPS, and USPS, is a primary driver of this surge.

Cybercriminals exploit the widespread use of text messaging, knowing that individuals are more likely to click links in SMS messages than in emails. Research indicates SMS click-through rates range from 8.9% to 14.5%, significantly higher than the 2% average for emails. The compact nature of mobile screens also makes it harder for users to scrutinize suspicious links, contributing to the effectiveness of these scams.

A common tactic involves sending texts claiming a package delivery failed or requires updated information, often containing a t.co link. While t.co is X's (formerly Twitter's) legitimate URL shortener, its use in unsolicited messages can mask malicious destinations. Clicking these links typically redirects users to fraudulent websites designed to steal banking details, login credentials, or install malware.

Authorities, including the Federal Communications Commission (FCC) and the FBI, have issued warnings about these sophisticated scams. The FBI's Internet Crime Complaint Center (IC3) highlights that clicking such links can lead to identity theft or malware installation. Consumers are advised not to click on suspicious links, especially those in unexpected delivery notifications, and to verify any delivery status directly through official carrier websites.

To combat smishing, experts recommend forwarding suspicious texts to 7726, a free spam-reporting service. Users should also be wary of messages creating a sense of urgency, containing poor grammar, or originating from unfamiliar numbers. The substantial financial losses underscore the critical need for increased public awareness and vigilance against these evolving digital threats.