'Smishing' Scammers May Hit Cellphones

Oct. 22, 2011 — -- Brion Sever received an automated voice mail message on his cellphone last week that caught him off guard.

It contained an alert that his Wells Fargo bank account had been compromised.

Sever knew better. As a Monmouth University criminology professor, he has studied scams. But the one that surfaced on Oct. 9 left him both impressed and spooked.

"For the first 5 seconds, you're like, 'Oh no!' You're caught off guard," he said. "It was an automated computer voice and very well done, very sophisticated."

Sever experienced a spreading high-tech con known as "smishing."

Smishing is like phishing, a technique that uses e-mails that look legitimate to trick victims into handing over vital information, but with smishing, identity thieves ply their scam through messages to a mobile phone, not a computer.

With recent attacks in the western U.S., law enforcement and consumer affairs officials have expressed concern that similar large-scale attacks could spread nationally.

FBI spokesman Tim Ryan, supervisor of cyberinvestigations for the FBI's Newark division, based in Franklin, N.J., said the message Sever received is part of an open case.

In the recent spate of scams in the West, identity thieves sent text messages en masse to random cellphones that read: "Wells Fargo notice: Your card 4868* has been deactivated." The message listed a phone number.

People who dialed the number were asked for account information, Social Security numbers and personal identification numbers, officials said.

The crooks cast a broad net. Many people other than Wells Fargo customers got the messages.

Kevin Friedlander, spokesman for Wells Fargo, said the messages popped up on mobile phones in Washington, Oregon, the Dakotas, Utah and parts of Colorado. The attacks began in August.

The bogus messages also arrived via automated voice mail and e-mails to smartphones, he said.

"Wells Fargo would never ask a customer for personal or account information using these methods, and that's the common thread with these scams," Friedlander said.

Friedlander is urging anyone receiving similar messages to report it to Wells Fargo by calling 866-867-5568 or at www.wellsfargo.com.

The FBI is advising targeted people to report the messages to www.ic3.gov, the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center.

The slang term smishing, sometimes spelled SMiShing, is a combination of the abbreviation for text messages — SMS, or Short Message Service — and phishing. Smishing is also known as vishing.

Several banks affected

Wells Fargo isn't the only bank victimized in the smishing scam. The text messages in the scam in the West also claimed to be from Bank of America, Chase, Citibank and Capital One, according to the Washington state attorney general's office.

"People's phones are becoming their computers," said Ryan.

Identity thieves began to key in on smartphones in a big way 12 to 18 months ago, he said, although smishing scams have been around longer.

The scam works like this: Criminals set up an automated dialing system to text or call people in a particular region or area code. Sometimes, they use stolen customer phone numbers from banks or credit unions.