Smishing

Smishing – the commonly-used name for SMS phishing – is an activity which enables criminals to steal victims’ money or identity, or both as a result of a response to a text message. In common with both phishing, which uses email as an initial approach, and vishing, which uses phone calls, smishing uses your mobile phone (either a smartphone or traditional non-internet connected handset). Like the other methods mentioned, it manipulates innocent people into taking various actions which lead to being defrauded.

The risks

You receive a fraudulent text claiming to be from a trusted organisation or individual being impersonated by criminals, including the following:

  • Your bank, informing you that there is a ‘problem with your account’ such as irregular activity or lack of funds.
  • A retailer, offering ‘vouchers’ or ‘gift cards’.
  • A technology provider such as Apple or Google, notifying that you ‘need to validate an account’.
  • A parcel delivery company, notifying you that you need to ‘confirm that you want a parcel to be delivered’.
  • The tax authorities, informing you that you are ‘due a refund’.

This list is not exhaustive.

What all smishing messages have in common is:

• They instruct you to either go to a website or make a phone call to a specified number.
• They play on your basic human emotions and needs, such as trust, safety, fear of losing money, getting something for nothing, eagerness to find a bargain or desire to find love or popularity/status.
• They generally state or imply the need for your urgent action to either avoid an issue or take advantage of an offer.

Websites you visit via smishing messages generally either request confidential details or cause your internet-connected mobile device to be infected with malware. Phone calls you make in response can either result in confidential details being requested, or be to a premium rate number resulting in exorbitant charges being added to your phone bill.

How to avoid becoming a victim of smishing

• Do not click on links in text messages unless you are 100% certain that they are genuine and well-intentioned.
• Take time to consider your actions before responding to text messages.
• Ask yourself if the sender, if genuine, would really contact you via this text.
• Recognise threats of financial issues or offers that seem too good to be true, for what they really are.
• If in doubt, call the correct number of the organisation or individual from whom the text claims to have been sent, to check its authenticity.
• Remember that even if the text message seems to come from someone you trust, their number may have been hacked or spoofed.
• Do not respond to the text message. Doing so could result in your details being added to a ‘suckers’ list’ and you will be inundated with similar messages.
• Contact your mobile network provider to take early action to block numbers that are generating spam – including scam texts – on their networks.

If you have lost money as a result of a smishing text, or via any other fraudulent activity

Report it to the police