Person checking the security status of their mobile phone

Security | Smishing Scams

Watch for fraud via text and SMS messages.

Smishing is a type of cyberattack that uses short message service (SMS) messages to scam people into giving away sensitive information or money. It works by sending texts that appear to be from a legitimate source, such as First Northern Bank and Trust, asking for personal details or a payment. The smisher then uses this information for identity theft or other malicious activity.

It is important to be aware of this type of scam. Your best defense is to only respond to inquiries from people you know and trust.

Unlike phishing, which targets computer users through emails, smishing attacks target mobile phone users directly through text messages. Smishers can also use messaging apps like WhatsApp and iMessage to send out fake messages. Some criminals even use automated technologies to send out large-scale attacks in the form of spam texts.

To protect yourself against smishing attempts, please be wary of any suspicious texts you receive. Never click on links sent via SMS; instead, go directly to the company's website or app to verify the authenticity of the message.

Additionally, do not provide personal information over SMS, including account numbers, PINs, or any other personal data. If you suspect a scam attempt, immediately block the sender. First Northern Bank and Trust employees will never text customers to request confidential or personally identifiable information. 

Finally, it is vitally important that you not respond to these messages. Any response will confirm that your number is valid and open you up to more targeted smishing attacks in the future. By taking these measures and being mindful of suspicious activity, you can better safeguard yourself against smishing attacks.

Here are some examples of possible smishing texts.

Remember, each of these messages will appear to come from a legitimate source, often one with which you do business. After all, as millions of people shop online, use popular streaming services, and sign up for cell phone plans, it's easy to pose as one of these companies and create a false message that comes across as genuine. Read your messages carefully and keep an eye out for typos, urgent language, and errors that could signal fraud.

“To continue your service, please update your membership by clicking this link (shortened link).”

“Your package has been delivered and is waiting for you at the nearest pick-up locker. To receive a confirmation text with your pick-up code, click this link (scrambled link).”

“Warning: Our security system detected a suspicious login on your account. To confirm that it was you, click this link (mystery link). If it was not you, report it as fraud (click another unknown link).”