A text shows up on your office manager’s phone at 4:52 on a Friday. Looks like it came from Chase. Theres a fraud alert and a link to “verify” the account before it gets locked. She has twelve things going on and the message looks real enough, so she taps it. That one tap puts your company bank login on a scammer’s server before anyone even leaves for the weekend.
That’s smishing, which is just phishing done over text message instead of email. And smishing in Fort Myers has gotten noticeably worse this year. We’ve had calls from businesses in Cape Coral and Bonita Springs about the same handful of scam texts, sometimes word for word identical. Here’s what these scams look like right now and how to keep your team from falling for one.
Why Scammers Moved From Email to Your Phone
Email security finally got decent. Spam filters catch most of the junk, banks tightened up their email protections, and people learned to side-eye anything in their inbox asking for a password. So attackers went where the filters aren’t.
Your phone has basically no spam filter worth mentioning. Text messages get opened at rates email marketers can only dream about, and they feel personal. Recent industry numbers put smishing at around 35% of all phishing attacks, growing roughly 40% year over year. For small businesses the texts usually go after payroll changes, wire transfers, and vendor payment updates. The money stuff.
AI made it worse. The broken English that used to give these away is gone, the messages read clean now.
Smishing in Fort Myers: The Scripts We Keep Seeing
A few of these come up over and over with local businesses:
- The fake bank fraud alert. “Suspicious activity detected on your account” with a link. The link goes to a login page that looks exactly like your bank’s site.
- The SunPass toll scam. Huge in Florida right now. A text says you owe a small unpaid toll, like $6.99, and threatens late fees. The amount is small on purpose, people pay it without thinking and hand over their card number.
- The boss text. An employee gets a message claiming to be the owner. “In a meeting, need you to handle something quietly.” It ends with gift cards or a wire transfer.
- The fake delivery notice. A package from FedEx or UPS supposedly needs a fee or an address confirmation. Office managers who order supplies all week are the exact target.
- The payroll switch. HR gets a text from an “employee” asking to update their direct deposit. The paycheck goes to the scammer’s account on the next pay run.
Train Your Team Before Somebody Taps the Link
Most of this comes down to a few habits. None of them cost anything.
Never tap a link in a text you weren’t expecting, even if it looks legit. If the message claims to be your bank or SunPass, close it and go to the actual app or website directly. The real account page will show the same alert if its genuine. It almost never is.
Any request involving money or banking details gets verified by voice. Not by replying to the text. Call the person on the number you already have for them. This one rule alone would have stopped every payroll scam we’ve seen this year.
Forward scam texts to 7726 (SPAM). Your carrier uses these reports to block the senders. Then delete it. You can also report scams to the FTC at reportfraud.ftc.gov, and CISA has a solid free guide on recognizing phishing in all its forms.
And turn on multi factor authentication everywhere, especially banking and email. If a password does get stolen through one of these texts, MFA is the thing standing between the scammer and your account.
If Somebody Already Tapped
It happens. Don’t waste time on blame, move fast instead.
Change the password on whatever account the text was impersonating, then change it anywhere else that same password got reused. If banking info went out, call the bank’s fraud line immediately, the first hour matters a lot with wire fraud. Check the email account for forwarding rules scammers love to quietly add. Then watch statements closely for a few weeks.
If you’re not sure what got exposed, that’s exactly the moment to bring in help.
Worried About Smishing? HenkTek Can Help
HenkTek works with small businesses across Fort Myers, Cape Coral, Bonita Springs, and Naples on exactly this stuff. We run employee security awareness training that covers text scams, set up MFA the right way, and lock down company phones with mobile device management so one bad tap doesn’t turn into a company-wide problem.
Call us at (239) 234-2334 or reach out for a free consultation. We’ll take a look at how exposed your business is and tell you straight what needs fixing. No scare tactics, just a plan.