SMS Reply Risks: Stay Safe

TL;DR

Replying to SMS messages *can* be risky. Scammers use texts for phishing, malware links, and premium rate scams. Be cautious about clicking links, giving personal info, or calling numbers in unexpected texts.

Understanding the Risks

SMS (text) messages aren’t inherently secure. They travel through various networks without strong encryption like you get with WhatsApp or Signal. This makes them vulnerable to interception and manipulation by bad actors. Here’s a breakdown of common threats:

• Phishing: Texts pretending to be from banks, delivery companies, or other trusted sources asking for login details, card numbers, or personal information.
• Malware Links: Clicking a link in a dodgy text can install viruses or spyware on your phone.
• Smishing: Phishing attacks specifically using SMS – the name comes from ‘SMS phishing’.
• Premium Rate Numbers: Texts encouraging you to call expensive numbers that charge high fees per minute.
• Vishing follow-up: A text message is used to initiate contact, then a phone call (voice phishing) is made to trick you into revealing information.

How to Stay Safe – Step by Step

1. Be Suspicious of Unexpected Texts: If you receive a text from an unknown number or one that seems out of the ordinary, treat it with caution.
   • Don’t automatically trust texts even if they appear to be from companies you know.
   • Look for poor grammar and spelling – scammers often make mistakes.
2. Never Click Links in Suspicious Texts: This is the biggest risk. Even if a link looks legitimate, it could redirect you to a fake website designed to steal your information.
   • If you *must* check something mentioned in a text (e.g., a delivery tracking number), go directly to the official website or app of the company – don’t use the link provided.
3. Don’t Share Personal Information: Banks, legitimate companies, and government agencies will *never* ask for sensitive information like passwords, PINs, or full card details via text message.
   • This includes things like your National Insurance number.
4. Don’t Reply to Spam Texts: Replying confirms that your number is active and can lead to more spam messages.
   • Blocking the sender is a better option (see step 6).
5. Be Wary of Offers That Seem Too Good To Be True: Scammers often use enticing offers or prizes to lure you in. If it sounds too good to be true, it probably is.
6. Block Suspicious Numbers: Most phones allow you to block numbers directly from the messaging app.
   • Android: Open the message, tap the three dots (menu), and select ‘Block number’.
   • iPhone: Tap the sender’s name/number at the top of the conversation, then tap ‘Info’, then ‘Block this Caller’.
7. Report Spam Texts: Reporting helps mobile providers identify and block scammers.
   • Forward spam texts to 7726 (SPAM). This works on most UK networks. You won’t receive a reply, but it sends the message for analysis.

Technical Considerations

While you can’t directly ‘scan’ an SMS link for safety before clicking (without third-party apps which have their own risks), understanding how links work helps:

• URL Shorteners: Scammers often use shortened URLs (e.g., bit.ly) to hide the true destination of a link. Avoid these if possible.

  curl -I https://bit.ly/examplelink 

  This command can show you where the short URL redirects, but it’s not foolproof.

• HTTPS: Look for ‘https’ at the beginning of a website address (if you *do* end up on a website). The ‘s’ indicates a secure connection, but even this isn’t a guarantee.