What information will be provided via SMS and what not?
First of all, it is virtually impossible that your bank sends you a text message with a link to log in for online and mobile banking. Banks can communicate phone numbers via SMS, for example, to block your credit card if any suspicious transactions take place on your bank account. However, they do not ask you to log in via a link. In any case, it is wise to install an extra layer of security on your online accounts, for example with Two-factor authentication (2FA).
Fraud in the United Kingdom
The British bank Barclays investigated online fraud in the United Kingdom. They concluded that the number of online fraud cases over the coming holidays might reach a new record. The combination of the rise of mobile banking and the shopping madness during the festive season, causes Smishing to become an important factor in online fraud.
The well-known phishing email
Everyone knows phishing e-mails these days, which must tempt you to log in on what appears to be an online portal from a bank. The unsuspecting customer enters his bank's login details on the fraudulent portal, after which the internet fraudsters are in possession of the login name and password and raid the bank account.
Smishing, the unknown sister of phishing
This same construction is also possible via SMS. The sender id for SMS messages can be changed so it looks like the SMS message comes from the bank, but in fact it comes from a person. A link to a fraudulent portal in the message does the same as the link in a phishing message, only via the mobile phone. Smishing also works when fraudsters send a phone number in the message. If the victim calls the number and issues privacy-sensitive information, this can also cost a lot of money.
Account plundered after Smishing
A resident of the island of Guernsey lost over 37,000 euros when he called the number that fraudsters sent in a text message. The victim thought that the text message came from his bank. He called the number, released sensitive information and his bank account was plundered.
The man retrieved all the money but this case shows that Smishing has the same risk of fraud as phishing. Smishing is perhaps even more dangerous because it is a less known fraud method. Nevertheless, since this year there are more searches on Smishing, which may indicate that the phenomenon is becoming more popular among fraudsters.
Some tips to prevent fraud via Smishing:
- Make sure your online (banking) environment has an extra layer of security (2FA)
- Be careful with links and phone numbers in text messages
- Make sure your bank reports unusual transactions
- Never communicate your credit card details, username and password
- If in doubt, contact your bank immediately