Here are a few ways to protect yourself against SMiShing or vishing:
• Be wary of incoming calls. If you receive an incoming call and a person or automated system requests personal information, hang up. Caller ID creates a false sense of security, so don't trust it. Before you give out any information to someone claiming to be from your bank or a company you trust, Siliciano suggests calling that company directly to verify there's a need for that information. Locate the phone number through the official bank website or on your bank card, not by Googling.
• Don't call a number left in a voicemail or text message. "Your bank is not going to send you a text message and prompt you to call them," Weber says. Before calling a number in a text message or voicemail, verify the number using the strategies above.
• Download apps through official channels. Go to the iTunes or Google Play store to download your bank's official app. "[Phishers] will send you a text message with a link to an app on a third-party server," Weber says. "It's not as easy to install it, but once you do that, it's completely seamless. They can make it look completely like the bank's app."
• Don't click links from unverified senders. Shortened links on a mobile device can be hard to verify and may link to malicious content. "Without being able to see a full address, it's difficult to tell if the website or sender is legitimate," Siciliano says. "You also can't hover over a link like you can from your computer and get a preview of a linked word or graphic."
[Read: How to Steer Clear of Online Scams.]
• Report suspected spam. Document as much information as you can, including what was said, the phone number of the caller and the information the person or system requested so you can report it to your bank as soon as possible. "The sooner you do, the more quickly the scam will be squashed," Siliciano says. With most major U.S. carriers, you can forward suspicious text messages to 7726 (spam spelled out on your keypad). This sends the message to a spam-reporting system that Cloudmark operates for the GSMA, an association of mobile operators.