IE 11 is not supported. For an optimal experience visit our site on another browser.

How Cyber Criminals Are Targeting You Through Text Messages

Cyber criminals are increasingly targeting victims through SMS text message scams known as "smishing."
Image: A woman texts on a smartphone
A woman texts on a smartphone.Cultura RM Exclusive/Chad Springer / Getty Images/Cultura Exclusive

Cyber criminals are increasingly targeting victims through a text message scam called "smishing" that can infect your smartphone and let thieves steal your personal information.

That means social security numbers, addresses, and even your credit card information can all be vulnerable through a simple, unassuming text message you receive.

"It may say something like, $500 was just withdrawn from your bank account, did you do it? If not, call this phone number," Pierson Clair, senior director of cyber security and investigations at Kroll, told NBC News. "There are millions of these text messages sent out every single day targeting everybody from small children to grandmothers and everybody in between."

Hackers usually send the smishing messages with a link or phone number. If you call or click, they'll then be able to harvest more data.

Americans lost $1.3 billion to cyber crime in 2016, according to the FBI. That number is expected to rise as criminals get craftier and go after unsuspecting victims in new ways.

Related: The New Way You'll Get Hacked: Through That Banking App on Your Phone

"A phone is something you always have on you," Clair told NBC News. "And if you always have it on you, and you're moving quickly through life, you'll have taken your phone out and you'll say, 'Oh no!' And you'll actively respond to it. And then they've got you."

There isn't a way to block scammers from sending smishing messages, so experts recommend being skeptical if you're not sure about a text.

Don't click the link or call the number. Instead, look at your bank's app independently and call a verified phone number. Finally, remember to delete suspicious texts.

The bottom line, Clair said: "Trust no one. Validate everything."