Smishing is the modern cousin of email phishing and involves scammers and fraudsters sending text messages to your mobile. Spam text messages can be annoying but are also potentially costly and can lead to:
- Identity theft
- Malware infections
- Monetary fraud
Texts purporting to be from your bank might ask you to provide your pin or card details to verify your identity, and others might have a link that takes you to a fake site – and gives a hacker direct access to your personal information.
So, how can you spot a phishing text, and what should you do in response?
The Rise in Smishing Scams
Phone text scams are rising, with the Office for National Statistics recording 4.5 million offences in this type of fraud in the 12 months to March 2022. Around 61% of scams are online, making it important to be cautious about the origin of any messages you reply to.
The focus away from email scams is likely because filters have become more advanced, and people are now so familiar with junk mail they tend to recognise anything suspicious – leading cybercriminals to search for new methods and opportunities.
Today we conduct so much of our lives through our mobiles, including online banking, personal messaging and storing information, making a smartphone an ideal target for hackers.
The South African quick loan provider Wonga is one of many well established fintechs who have been imitated by cyber criminals over the last few years, with fraudsters pretending to be a legitimate financial institution to try and convince unsuspecting people to hand over login details. The example below is a real text message sent to potential victims and shared with Wonga’s permission to help raise awareness of how these attacks can look:
How to Spot Smishing
Any message from an unknown number may be smishing, so never take it at face value, even if you assume a text is from a friend or it uses your name!
Here are some red flags to look out for:
- Vague messages with poor grammar or random spellings.
- Any messages with a direct link.
- Requests for details, personal information, or login credentials.
If you receive a message asking for money, be sure to contact the person (directly, not by replying to the message!) to verify whether it is authentic.
A common scam doing the rounds on WhatsApp purports to be from a child and says something like, ‘Hi Mum, I’ve broken my phone, so I’m using a friend’s. Can you transfer me £100 to get it fixed’.
Of course, if you call the number, it won’t be anyone you know on the other end! Always speak to the person or contact your bank or the company the text says it is from using the details on their website before you respond.
What to Do If You Receive a Smishing Text
The first thing to do is to block the number so the scammer can’t keep pestering you. You can then forward the spam message to SPAM or 7726, which sends an alert to your mobile provider.
Ofcom says that seven out of every ten people experienced a phone scam last year, so reporting it can help carriers to close accounts linked to repeated fraud attempts. There is a full guide to reporting scam mobile texts and calls on the Ofcom website, along with links to Action Fraud.