
'Loaded' Text Messages on the Rise

"Here's a gift for you." Those words have a nice ring to them, don't they? The message sounds terrific, but data security specialists urge caution. You're now the proud owner of what's sometimes referred to as a loaded text. This type of SMS message has increased rapidly in the past two months, earning this tactic a turn in the spotlight as our Scam of the Month.

Fraudulent text tactics aren't new. In 2014, the Federal Trade Commission (FTC) settled a complaint against a group of shady text senders who promised free gift cards to anyone who replied. The agency also reclaimed $2.5 million consumers had lost. Unfortunately, this ploy has aged well over time—for the scammers at least.

Smish This!

This technique for invading digital devices is known as smishing—a mash-up of SMS (short message service) and phishing. What's noteworthy about our Scam of the Month honoree is a wave of imposters claiming to be your cell phone provider. The ploy has hit AT&T, T-Mobile and Verizon users hard.

Texts read "Here's a gift for you" or "Here's something for you." One text approach claims to be a "thank you" gesture for your recent bill payment. Another discusses "service concerns" or "recent disruptions" in service. It would be swell if cell carriers provided compensation for system downtime, but they generally don't make such offers.

Texts offering free stuff often prove difficult to resist. Messages will boost their credibility by addressing you by name. Your cell number and name paired together were most likely compromised in a recent data breach, like T-Mobile's August attack, which exposed these exact details for 850,000 customers. Information from older data breaches can also work.

Do not click this bait! If you do, you're likely to land on a spoofed website that perfectly impersonates the real deal. The page requires you to log in at AT&T or Verizon, for example, and presto! The hacker now has your account credentials and can roam through your usage, spend your money or even switch passwords to lock you out of the device. You may also receive a download of malware while visiting the imitation web page.

Patterns Persist

The root cause of a data leak often proves challenging to trace back to the initial breach or source. However, that wasn't the problem when a lower-priced service started to see actual device takeovers in early October of this year. Instead, the company blamed the breaches on credential stuffing—a practice of using breached login details on hundreds of different websites to determine what additional accounts they might unlock. An essential element in such hacks is the terrible practice of password recycling. Using the same password for numerous access points is a terrible idea.

Worst of all, these intruders can authorize large purchases that flood your credit card on file with the carrier. Some customers reported $1,000 purchases, for example, that could max out cards. While the company addressed the issue through social media, it quickly took its strategy private, responding on a case-by-case level via direct messages (DMs).

Detection Tools

The old standby of hovering your mouse cursor over an embedded link won't work here. Senders employ a link-shortening site like bitly.com to cloak the actual web address. You could end up anywhere if you clicked that link.

It doesn't always take a rocket scientist to spot the scam. For example, a text on your work device could address you personally. Likewise, one from a cell carrier you don't use is a dead giveaway. Perhaps a past provider shouldn't be texting you at your current number regarding bill payments. Con artists are persistent, however, and sooner or later you'll get a loaded text you won't be able to evaluate easily.
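
The warning signs described above (lure wording, a carrier you don't use, a shortened or off-domain link) can be checked automatically. The following Python triage function is an added example, not part of the original article; the shortener list, carrier domains, flag names and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Illustrative lists (assumptions, not from the article beyond bitly.com).
SHORTENERS = {"bit.ly", "bitly.com", "tinyurl.com", "t.co"}
CARRIER_DOMAINS = {"at&t": "att.com", "t-mobile": "t-mobile.com",
                   "verizon": "verizon.com"}
# Lure wording quoted in the article.
LURES = ("here's a gift for you", "here's something for you",
         "service concerns", "recent disruptions")
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

# Constructed sample messages; the links are placeholders.
SAMPLES = [
    "AT&T Free Msg: Here's a gift for you, Sam: https://bit.ly/EXAMPLE",
    "T-Mobile: Sorry for recent disruptions. Claim your credit at "
    "t-mobile.account-verify.example/login",
    "Verizon: Your bill is ready. View it at https://www.verizon.com/bill",
]


def on_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def triage(text, my_carrier):
    """Return the warning signs found in one SMS body, in check order."""
    flags = []
    lowered = text.lower().replace("\u2019", "'")  # normalise curly apostrophes
    if any(lure in lowered for lure in LURES):
        flags.append("lure-phrase")
    named = [c for c in CARRIER_DOMAINS if c in lowered]
    if any(c != my_carrier.lower() for c in named):
        flags.append("carrier-not-mine")
    for match in URL_RE.findall(text):
        url = match if "://" in match else "http://" + match
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            flags.append("shortened-link")  # destination is hidden
        elif named and not any(on_domain(host, CARRIER_DOMAINS[c]) for c in named):
            flags.append("link-off-carrier-domain")  # lookalike host
    return flags


if __name__ == "__main__":
    for sms, carrier in zip(SAMPLES, ("verizon", "t-mobile", "verizon")):
        print(triage(sms, carrier), "<-", sms)
```

An empty list means none of these particular signs were found, not that the message is safe.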

Written and Published By, IDShield
