Drawing upon my experience as a Banker, earlier in the year I created my first Fraud Special on Vishing. This was well received so I have written the next in the series – Smishing.
What is Smishing?
No, it's not a Bond villain’s organisation! Have you ever watched a magician? A magician will trick you into believing something is real, even if it is not. Smishing is exactly like watching a magician. Your phone receives a text message that looks real, as if it has been sent from a known company. In turn, you may be tricked into opening the text message and may even click on the link provided.
“The fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.”
The Oxford Dictionary
What does a typical Smishing scam look like?
Your phone receives a text message from a well-known organisation, let’s say a bank. The message looks authentic and may even appear to come from an official company phone number. The message itself will usually be some sort of scare message, telling you something is wrong with an account and providing a link to click on so that you can rectify whatever the error is. The link will most likely redirect to a fake web page that is designed to look exactly like the official page. You then input your data and bingo, the fraudster has your info and can do what the hell they like with it.
What else do I need to be aware of?
Almost all Smishing text messages follow the same themes:
- They will play on your emotions. They will make you fear losing something, or put doubt in your mind causing you to question your trust in something.
- They will almost certainly provide a web link or a phone number.
- They will provide a scenario that needs an urgent response – or else.
- If you follow the link they provide, the website will request and collect confidential data, or deposit viruses on your device. They may also provide a phone number that most likely will be a premium rate number.
It’s OK I use a messenger app, I don’t use text messages…
Well, just because you don’t use SMS doesn’t mean you should drop your guard. Statistically speaking, you will use the SMS function on your mobile phone, so at some point you may see an SMS that may or may not be fraudulent. Smishing attacks can also be conducted via messaging apps such as WhatsApp. The delivery may be different, but the function is the same.
What can I do?
Great news, it’s easy to avoid being scammed by Smishermen – ok fraudsters!
- First remember it’s absolutely fine to be suspicious! Fraudsters are playing on people’s apathy and general unwillingness to look deeper.
- If you are worried about what the message is saying, get in contact with the company directly – do not use any numbers provided on the text message but find out if it’s genuine!
- Don’t respond. Fraudsters maintain a list of ‘suckers’. By replying you are declaring to the fraudster that you are a sucker, and your number will be on the list. This means you can expect more messages – so don’t do it! Unless, like me, you like laughing at the badly spelt, badly worded text messages before they promptly get deleted.
- Forward the message! Yes, you read that correctly. Your network operator has a duty to block the messages before they arrive. They can only do this if they know what numbers to block. So forward the suspected fraudulent message to this special number: 7726. This works for all networks apart from Vodafone; Vodafone subscribers should use 87726.
I have clicked on a dodgy SMS message – what do I do?
Firstly, don’t panic and don’t be upset with yourself. These text messages and associated websites are designed to be super convincing. Just follow some steps to help you become secure again:
- Change your passwords. Do this as soon as you can for things like your online banking, email address, cloud storage etc.
- Contact your bank. It’s a good idea to get in touch with your bank, just to make them aware of the situation. They’ll be able to let you know the best course of action.
- If you have provided lots of personal info, consider proactive registration with CIFAS. It will cost around £25, but it is well worth it in my eyes.
If you have lost money as a result of a smishing text, or via any other fraudulent activity…
Report it to Action Fraud, the UK’s national fraud reporting centre by calling 0300 123 20 40 or by visiting www.actionfraud.police.uk. If you are in Scotland, contact Police Scotland on 101.
Get Safe Online has loads of resources to look at: https://www.getsafeonline.org/
The Met Police have a great book that is free to download, The Little Book of Big Scams, fifth edition.
‘Which’ also operates an online reporting service for scam texts and phone calls.