Scam artists are moving away from calling phones and targeting victims through text messages instead. Their new method: Smishing (SMS-Phishing).

What is Smishing?

Smishing works in much the same way as a contemporary phishing e-mail, but the scam is sent by Short Message Service (SMS) messages instead. Preying on people’s panic and sense of urgency, fraudsters send out text messages to victims. They pretend to be close friends, employees or even their banks. With simple techniques, the victim is made to believe the text message is genuine, giving personal and potentially risky information away freely.

How does Smishing work?

Fraudsters use evolving techniques to make an incoming message look genuine. Methods included number spoofing, which makes text messages appear on existing threads from a trusted contact. A bank that previously never asked for PIN numbers may suddenly need it for a security update, and victims fall prey to the scam because the bank used to be a trustworthy spokesperson.

Other techniques involve scammers asking potential victims to call a number urgently. Once dialled, the number asks victims to generate one-time passwords for services such as their bank account. With the password, scammers can retrieve as much money as possible before victims ever notice it is missing. Banks may even refute that the loss of money was fraudulent afterwards, as victims would have given a third party their security details seemingly willingly.

How can Smishing scams be avoided?

There are a few simple defences victims can use to avoid being scammed through Smishing:

• Use different passwords for online banking, social media apps and e-mail accounts
• Two-factor authentication helps increase the likelihood that scammers do not have enough information to finish the scam
• If an SMS is received from a number asking for details it never did before, contact the relevant service over the regular customer hotline
• Do not reply to text messages that play on the following fears:
  • Fear of someone stealing money
  • Fear of being accused of a crime that was not committed
  • Fear of someone harming family or loved ones
  • Fear of the release of embarrassing or sensitive information
• Use a mobile providers’ text alias feature, which masks a potential victim’s phone number with an alias that scammers are unlikely to guess
• If available, enable a mobile provider’s “block texts from the internet” feature

For more on mobile fraud, click here.