You’re in the middle of your day when a text pops up:

“URGENT: Fraud detected. Your account will be locked. Click here to verify.”

Your heart rate jumps, because it sounds serious—and that’s exactly the point.

“Smishing” is phishing through SMS/text message, and it’s one of the most common ways scammers try to steal personal information. The message may look convincing, but the goal is usually the same: trick you into clicking a link, entering login information, or handing over a one-time verification code.

Smishing relies on urgency. When we feel pressure to act quickly, we’re less likely to double-check details. Scammers also know that most people use their phones for everything—so a text feels immediate and personal.

The best defense is to slow down long enough to verify.

A real alert from a legitimate organization will not require you to panic-click a link. If you see any of the warning signs below, pause before taking action.

• Urgent threats or pressure: “Act now,” “Final notice,” “Your account will be locked
  today.”
• Unexpected links: shortened URLs, misspellings, strange domains, or anything that
  doesn’t match the organization’s official website.
• Requests for sensitive information: passwords, Social Security numbers, or
  verification codes.
• Messages that don’t match your situation: references to accounts you don’t have
  or purchases you didn’t make.
• “Reply YES/STOP” tricks: replying can confirm your number is active and lead to
  more scam attempts.

If you tapped a link or entered information, don’t beat yourself up. Act quickly.

Start by changing your Digital Banking password (and your email password if you reuse passwords). Then watch for unusual activity and reach out to us so we can help you review next steps.