Smishing - scam text messages

Owner advice
Property services
Owner advice > Managing rentals > Smishing - scam text messages

Smishing - scam text messages

'Smishing’ is the term used to describe the SMS (short message service) based form of phishing. Phishing is the practice of sending out fraudulent emails to obtain sensitive information, however, Smishing differs from phishing in that messages are sent directly to a mobile phone via a text message. In both cases, fraudsters are attempting to obtain personal information, such as passwords and credit card details, by sending out carefully designed messages that appear to be from a trustworthy source. Most commonly, these text messages appear to be from banks, social networking sites like facebook and online auction sites such as eBay.

As with phishing, smishing was so named as it follows a ‘hook’ and ‘bait’ method: the bait is the persuasion, and the hook is the actual method used to gather information.

Some of these messages can look very convincing if you’re not aware of what to look out for. To help you avoid becoming a target for fraudsters, we've outlined the common anomalies that should set alarm bells ringing.

  • Read between the lines. The tone and language used in a fraudulent text message may invoke a sense of urgency: ‘click here or we will deactivate your account’ or ‘call this number now or your account will be charged’. The website or phone line from where the text is supposedly sent may be asking you to ‘confirm’ personal information such as your credit card number, pin code, email address, password or other sensitive details. The danger is that in confirming these details, you're actually providing this information to the fraudster. In addition to this, if you are asked to call a phone number to 'confirm' your details, these will often be premium rate numbers. If you follow the 'hook' and call the number, not only do you risk giving away your personal information to a stranger, you may also be charged a large amount of money to do so.

  • Check the phone number. If the text message has come from the phone number '5000', this usually indicates the SMS message was sent via email to the phone. Scammers are likely to hide their identity by using 'email-to-text' services so that their actual phone number is masked. It's possible that text messages sent from '5000' may have originated from a network of computers infected by a virus. The owners of the computers being used may not even know that their computers are infected and being controlled remotely to induce a scam. This information can then be used in a number of ways, accessing accounts to commit fraud, identity theft or duplicating credit cards. If you receive a text message from a number which doesn't look like an actual phone number, use caution and consider contacting the company - who the message is claiming to be from - via a different avenue. For example, you could find the official website contact telephone number or email address and ask if your recently received text message from them is genuine.

  • Be careful what you click on. Clicking on the link may initiate a virus download to your phone or tablet. A recently documented case involved a text message urging users to download ‘antivirus software’ to their device, which in reality, was a phone virus. The smishing message may appear as a marketing message: ‘buy one get one free’ or ‘free £50 voucher’ but clicking on the link can download a malicious app onto your device.

  • Keep a lookout for anything unusual. If you receive an alert such as this asking you to confirm personal details claiming to be from an institution with which you are familiar, call them on a number that you trust such as the official customer service line. Most websites will not ask you to confirm your password in this way. Usually, you will only be required to confirm a password if you have made a change to your account. It's much safer to visit the official website when logging into your account. Always look for the ‘https’ in the address bar to ensure that you are logging in safely.

  • Looking to the future. We may find cyber criminals turning their attention more and more to mobile devices as we come to rely on them heavily for an increasing number of functions. In the meantime, you should be very careful about clicking on embedded links or calling numbers unknown to you in text messages, particularly from '5000' telephone numbers.

  • You can find more guidance on keeping your accounts safe online by visiting our advice page.

    Author: Claire, Account Validation Administrator

    Date: January 2012