There has been a recent increase in other SMiShing campaigns in which a user receives a text message from an unrecognized number that contains verbiage similar to "Hey! How have you been?" The threat actors behind these campaigns seek to garner a response from the recipient. Responding may lead to a conversation in which the user is lured into a scam, such as a gift card scam (image 2), or the threat actor may simply be attempting to confirm that the phone number is active. Attempts to garner a response from the user are also used in bank impersonation campaigns, coercing the user to reply to avoid fraudulent activity on their account without requesting information or prompting them to click on a link (image 3).
The NJCCIC advises users to avoid responding to unsolicited text messages or contacting the sender's phone number or any unverified phone numbers mentioned in these messages. Also, refrain from clicking on links or providing sensitive information in response to such messages. Instead, we recommend manually typing the official URL into your browser to navigate directly to online accounts. SMiShing attempts can be reported to your mobile carrier, the FTC, and the NJCCIC, or forward the message to 7726 (SPAM).