3 minute read
Aug 27, 2021
What is smishing and what can you do to protect yourself against it?
In 2020, the UK economy lost more than £1.26 billion to fraud, and as cybercriminals become ever more sophisticated in their attempts to relieve you of your hard-earned cash, today we’re looking at smishing and some of the steps you can take to avoid falling foul of common scams.
According to a report published earlier this year by UK Finance, which represents the UK’s banking and finance industry, the numbers of attempted scams using mobile apps, push payments and internet fraud all continued to show significant rises.
Push payments, where a scammer impersonates a legitimate organisation, rose by 22%, with the total amount of money lost amounting to £479m – over a third of all reported cases - and when it comes to mobile phone fraud, smishing cases are on the rise. This article looks at how you can protect yourself and your loved ones against fraudulent text messages.
What is smishing?
The term ‘smishing’ is derived from a combination of SMS and phishing. It’s a practice used by cyber criminals to steal sensitive financial and personal information via text message.
Typically, a smishing scam involves a fraudster impersonating a well-known organisation who sends the victim a request to verify their account details, claim a refund or request payment. Recent scams have involved the DVLA, HMRC, Netflix, banks and Royal Mail.
Other variations on a smishing scam can include sending notifications of a lottery win, bitcoin payment and in more sinister cases, messages supposedly from loved ones in trouble.
A smishing scam typically aims to try and persuade the victim to click on a link, which can result in identity theft, malicious software being downloaded onto a mobile phone as well as sharing banking details and passwords.
How can I spot a smishing message?
To the uninitiated, smishing messages can be alarming, but there are some tell-tale signs that can help you to spot scams. For example, the DVLA has confirmed that it never sends text messages requesting payments to motorists, whilst HMRC regularly publishes a list of common scams: https://www.gov.uk/government/publications/phishing-and-bogus-emails-hm-revenue-and-customs-examples/phishing-emails-and-bogus-contact-hm-revenue-and-customs-examples
There are other ways of spotting scam text messages too and things to watch out for include:
If you are unsure, search the name of the company. For example, HMRC’s website is gov.uk, in this fraudulent message the web link points to a very different location.
The National Cyber Security Centre (NCSC) has also published further guidance on dealing with suspicious text messages, which can be accessed here: https://www.ncsc.gov.uk/guidance/suspicious-email-actions
Our top tips to keep safe:
What is the industry doing?
Last April, the UK Government announced plans to trial a new system called the SMS SenderID Protection Registry. The registry was created to allow organisations to register and protect message headers, making it more difficult for scammers to impersonate legitimate businesses.
The scheme has been backed by a number of key UK organisations including Mobile UK and UK Finance, and it has also received the backing of the NCSC. Reports from the trials suggest smishing attempts were reduced by up to 90%.
However, it’s not the only scheme being trialled. In 2019, Google launched its own SMS verification service, with legitimate companies receiving a verification badge when messages are sent. The technology has proved to be slow to be rolled out, and at present, Verified SMS is not available globally. However, as the technology behind the mobile phones in our pockets continues to evolve, perhaps the days of smishing could be well and truly numbered.