Phishing Via SMS: How to Spot SMS Fraud

Smishing - Spotting SMS Fraud

Cybercriminals are always looking for new ways to scam people, originally it started with scam emails asking for your banking details. Now scammers use a more personal approach and go directly into your message inbox on your phone, so how to spot SMS fraud?

You have probably received an SMS saying you've won a prize and you need to give your details to claim the prize. Or a message from your bank asking to click on a link to confirm a recent credit card transaction because of suspicious activity...

Sound familiar?

Nowadays, internet users in the UK are more aware of cyberattacks, so cybercriminals have evolved and use more sophisticated processes to scam. Scammers will do everything to trick you into giving away your information, and attacks can be disguised as fake bank text messages or simple messages with an URL.

Text message attacks are what we call smishing. You have to learn how to spot SMS fraud and avoid the scam.

Smishing is a type of phishing attack where fraudsters will solicit your sensitive information on a text message. It can be very dangerous since SMS open rates are much higher in the UK than the email ones.

How to spot SMS fraud and avoid being prey to smishing

Spot SMS fraud is not impossible, you just have to have common sense before taking any action. Here are a few examples that you have to keep an eye on.

1. “You’ve won a....”

This is very common approach in SMS fraud. You receive messages saying you’ve won the lottery, or your number won a raffle, giveaways, and gifts, asking you to click on the link and fill out forms to reach out to them.

This is a trick cyber criminals use. If you receive this message, and if you know you didn’t join something or you don’t expect to receive gifts, ignore it. Don’t tap on that link. You can also reach out to the brand or company on their verified website, to report the scheme.

2. Random family emergency text

These text messages can be frightening sometimes if the family member is away or simply doesn’t live with you. That’s why some people might respond immediately before verifying.

This SMS contains messages stating that a family member is in trouble, and needs financial assistance, that you have to send the money as fast as you can or else something will happen to a family member. If you receive this type of text, reach out to your family member first, if possible. Verify the information you received, and don’t panic!

3. Grammar lapses

Companies and brands always make sure that the messages they send are correct in all details, including grammar. Poor composition affects their credibility. That’s why they send error-free content and messages.

If you see misspellings, wrong usage, typos, or any mistakes in the syntax of the message, even the URL if there’s any, ignore it. Be wary of text messages that sound unnatural too.

4. “You have a limited time to respond”

Are you told you have a limited time to respond? Sometimes, a fraudster's call to action on their messages pushes you to respond, immediately or within 24 hours. And if you don’t respond on their specified time, they threaten you to pay a fine or give you other consequences.

Responding to that text message allows malware to get into your mobile device and silently collect information. Scammers create fake urgency to make you respond immediately.

5. Scarcity

People who like to shop or wait for discounts and promos from their favorite shop are most likely to become a victim of SMS Fraud.

Text messages that offer short supply of good deals and opportunities like concert tickets, spa treats, shopping vouchers, make you respond quickly. Because you don’t want to miss out on great deals. Don’t respond. Some offers that seem too good to be true actually are.

6. Unusually Long Numbers

Fraudsters use unusually long numbers to send SMS. There’s a chance that these numbers are from scammers. You can check the company’s website or pages (if it’s mentioned in the message) to see and verify if those numbers are real.

If you're unsure of the company who contacted you, do a web search of the number or the content of the message.

7. Fake refund

Another way scammers can get to you through SMS messages is telling you that they owe you a refund. They pretend to be someone from the government, bank officer, or a cell phone provider asking for your personal details so they can return money or tell you that they overcharged your bill.

8. Weird URL address

Let's imagine for a minute you order something and FedEX will make the delivery.  So you get an SMS  with the tracking number and a call to action to add to the website, but the URL is just a random of letters. That's a signal that this is not FedEx URL but a scam.

If you see there's a random URL address, is better to ignore it, delete the message and move on.

You know how to spot SMS fraud, now what?

Cybercriminals use smishing to lure you into revealing your information by pretending to be someone you know, or a trustworthy organisation you might have interacted with previously.

There are plenty of ways you can avoid being a victim of these cybercriminals and reporting them to the authorities.

• Report the message immediately: According to the NCSC website, you can forward a suspicious message to the 7776. This is a free-of-charge message and your provider will investigate it.  Also, you can report it to Action Fraud, the UK’s national fraud and crime reporting centre.
• Spread the message: Talk about these smishing methods with vulnerable family members, like your parents, uncles and aunts, and grandparents. Make sure they know that these alarming messages are fake and malicious and should be ignored.
• Invest in security: Installing a VPN and a spam blocker on your mobile device. It can help hide your location from phishing attempts, and also you can block unwanted text messages from scammers or strangers.
• Don't try to interact with them: Never send a response, in any way, and tell your family and friends not to. Answering will tell scammers that your number is "live" and is held by someone so attacks will continue.
• Double check: If the text message contains a business name, call that company and check. You can check the URL and the phone number in some cases.
• Don't click the URLs: Don’t click on links attached to the text message, it doesn't matter what the message says.
• Delete the message from your phone.

And if you’re tricked and scammed, knock on wood, file a complaint, contact your bank, block your cards and change your passwords.

In conclusion, if you receive a suspicious message, you just have to stay calm, it is just a message. You just learned how to spot SMS fraud, so go report it and delete it. Later you can share your experience with friends and relatives, install some security software and you are ready to go.

Read our Business IT Secuity Guide for a deep dive into keeping your business data safe.

Read more from our blog