What is smishing?Posted on 15 February 2018 by Beaming Support
Smishing – or SMS phishing – is a term for malicious text messages sent by scammers intent on convincing the recipient to share personal or financial data.
In many cases, the scam text messages purport to be from the recipient’s bank and will ask them to click a link or phone a number. The victim is then asked to transfer money to a different bank account.
Most of us like to think we wouldn’t fall victim to these kinds of tactics, but new technology has allowed criminals to infiltrate existing SMS threads, adding a perceived authenticity to their efforts. It’s more likely you’ll let your guard down when you open a text message and see that the previous message in the thread was a genuine alert from your bank. Hearing that a significant amount of money has been removed from your account may cause a panicky urge to act quickly, and with links in an SMS being harder to “inspect” for authenticity since you’re unable to hover over them, you may click something you wouldn’t normally risk. (You can still check the link, though, by holding your finger down on it. Unlike a short tap which would open the link, holding your finger on it will cause a new dialogue window to pop up, showing you what the destination web address is but without actually following the link)
So, if you receive a text from your bank saying that a new recipient has been set up or that an unusual transfer of funds has been made, but you didn’t authorise such an action, what should you do?
1. Pause. It’s easier said than done, we know, but remain calm for a moment. If a fraudulent transfer has been made already, a ten minute wait while you verify that this is the case won’t make a difference now. However, if this is a smishing attempt, rushing to click an “I did not authorise this payment” link may ironically be the thing that allows the fraud to be carried out.
2. Check if what the message says is true by logging in to your internet banking. Log in using your authorised banking app or by navigating to the bank’s website (not by clicking a link in a message!). If you’ve been warned that a transfer to an unknown bank account has happened, have a look at your statement, does it show this transaction? If you see that no money has left your account you should feel reassured, but you’ll still want to follow the next step.
3. Phone the bank. Again, don’t use a number or link provided in the text message. Use your browser bar to navigate to your bank’s website and find the phone number there, or track down a paper statement if you have one and use the phone number printed on that. When you get through to the bank they’ll ask for the usual details to verify your identity, but you’ll know that you’re speaking to a legitimate agent because you called them. If there is an alert on your account, the person you speak to will be aware and can guide you through the next steps to be taken.
If you speak to your bank and find that the message you received was a smishing attempt, you can report it to Action Fraud by following this link.
Browse our information security archive to learn more about the different techniques used by scammers and how you can protect yourself against them.