The Truth About GoChecks Text Messages Will Surprise You: An Explainer

The recent surge of unsolicited text messages claiming to be from "GoChecks" has left many bewildered and concerned. These texts, often promising quick cash or asking for confirmation of suspicious activity, are rarely legitimate and represent a growing problem of SMS-based phishing scams. Let's break down what's happening, why, and what you can do.

What are GoChecks Text Messages?

GoChecks text messages are unsolicited SMS messages that typically impersonate a legitimate financial institution or service. They often use alarming language, like "Suspicious activity detected on your account, confirm now!" or alluring promises like "Get $750 now with GoChecks!" Their primary goal is to trick recipients into divulging personal information like bank account details, social security numbers, or login credentials.

Who is Behind These Messages?

The perpetrators are typically cybercriminals operating from various locations, often outside the United States, making them difficult to trace and prosecute. They utilize sophisticated techniques to mask their phone numbers and bounce messages through multiple servers, further obscuring their identities. Security researchers at companies like Proofpoint have tracked similar campaigns to organized crime groups involved in other forms of online fraud.

When Did This Start?

While SMS phishing, or "smishing," has been around for years, the GoChecks variant has seen a significant rise in recent months. Data from the Federal Trade Commission (FTC) shows that text message scams have been steadily increasing. In 2022, consumers reported losses of over $330 million to text message scams, a significant jump from previous years. The GoChecks campaign seems to be capitalizing on this trend, taking advantage of the relative anonymity and ease of distribution offered by SMS.

Where are These Messages Being Sent?

These messages are being sent indiscriminately to mobile phone numbers across the United States and potentially other countries. Scammers often obtain phone numbers through data breaches, online harvesting, or even by generating them randomly. There isn't a specific geographic target, making almost anyone with a mobile phone a potential victim.

Why are People Falling for These Scams?

Several factors contribute to the success of these scams:

  • Urgency and Fear: The messages often create a sense of urgency or fear, pressuring recipients to act quickly without thinking critically.

  • Impersonation: By mimicking legitimate financial institutions, scammers gain credibility and trust.

  • Mobile Convenience: People are more likely to click on links and enter information on their phones without the same level of scrutiny they might apply on a desktop computer.

  • Lack of Awareness: Many people are unaware of the prevalence and sophistication of smishing scams.

    • Historical Context: The Evolution of Phishing

    Phishing, the broader category of scams that includes smishing, has evolved significantly since its early days. Initially, phishing attacks primarily relied on email, impersonating large companies like AOL or eBay. As email security improved, scammers shifted their focus to other channels, including SMS. The rise of mobile banking and online financial services has created a fertile ground for smishing attacks, as people are accustomed to receiving legitimate financial communications via text.

    Current Developments and the Fight Against Smishing

    Law enforcement agencies and telecommunication companies are actively working to combat smishing. The FTC and the Federal Communications Commission (FCC) have issued warnings and guidance on how to identify and avoid text message scams. Telecommunication companies are implementing measures to block suspicious numbers and filter out spam messages.

    However, the fight is an ongoing challenge. Scammers constantly adapt their tactics, using new phone numbers, crafting more convincing messages, and exploiting vulnerabilities in mobile security. The rise of AI-powered chatbots also raises concerns, as scammers can use these tools to generate more sophisticated and personalized phishing messages.

    Likely Next Steps and What You Can Do

    The following developments are likely in the near future:

  • Increased AI Involvement: Expect to see more sophisticated and personalized smishing attacks powered by AI.

  • More Targeted Attacks: Scammers may increasingly target specific demographic groups or individuals based on information gathered from data breaches.

  • Enhanced Security Measures: Telecommunication companies and mobile operating systems will likely implement more advanced security measures to detect and block smishing attacks.

  • Greater Public Awareness Campaigns: Expect to see more public awareness campaigns aimed at educating people about the risks of smishing and how to protect themselves.

    • Here’s what you can do right now:

  • Don't Click on Links: Never click on links or call phone numbers included in unsolicited text messages.

  • Verify Directly: If you suspect a legitimate issue with your bank account or financial service, contact the institution directly using a phone number or website you know to be authentic.

  • Report Suspicious Messages: Report suspicious text messages to the FTC at ReportFraud.ftc.gov. You can also forward the message to 7726 (SPAM).

  • Be Skeptical: Be wary of any message that asks for personal information or creates a sense of urgency.

  • Enable Spam Filters: Enable spam filters on your mobile phone and consider using a third-party app to block unwanted text messages.

  • Educate Others: Share this information with your friends and family to help them avoid becoming victims of smishing scams.

The "GoChecks" text message phenomenon is a reminder of the ever-present threat of online fraud. By staying informed, being vigilant, and taking proactive steps to protect your personal information, you can significantly reduce your risk of becoming a victim.