Protect yourself from becoming a victim of SMS phishing

What is SMS phishing?

It’s when cybercriminals send Short Message Service (SMS) text messages that are designed to steal personal or financial information from you, whether by pretending to be a reputable site, or getting you to download malware onto your phone. They could also try to trick you into giving them the login to your Apple account, if you’ve got one, which would then provide them with your personal data.

Types of SMS phishing scams

Fraudsters can try to pull SMShing scams in various ways. Some examples are as below.

  • Competitions. You may receive a text message inviting you to join a competition. What seems like an SMS from a reputable company may really be from a cybercriminal – you’ll usually be asked to enter personal information in order to join the contest or collect your prize. The information is then collected by the fraudsters.
  • Verifying credit card transactions. The National Fraud Intelligence Bureau has reported that cyber criminals can pretend to be credit card providers in order to send fake text messages. These SMS messages may ask you to confirm a recent transaction. Your reply will help them to confirm your phone number, which they can then use to call you in order to try to scam you.
  • Expensive texts. Whatever their disguise for getting you to text them back, SMS fraudsters could also be charging you a hefty SMS rate for your reply. You could also be automatically signed up for ongoing charges.

Protecting yourself against SMS phishing

Here are some ways to minimise your chances of becoming a victim of SMShing.

  • Don’t reply to SMS messages from numbers that you don’t recognise. If in doubt, get in touch with your mobile phone provider to check if certain numbers charge premium rates.
  • Don’t share your login, personal or financial details over SMS. Your bank, utility provider or any other genuine company will never ask for sensitive information via text message.
  • Watch where you input two-factor authentication codes. When you’re signing in to a secured website, it may send a code to your phone via SMS, which you have to enter on the site in addition to your login details. Fraudsters could send you fake SMS messages asking for this code.

What to do if you’ve been a victim of SMS phishing

Fraudsters can employ sophisticated measures to convince you to part with your personal information. If you’ve been a victim of SMShing – or suspect that you may be – here’s what you can do.

  • Report it to Action Fraud, the centre for reporting fraud and cybercrime in the UK.
  • Let your bank and credit card providers know, and ask for your debit and credit cards to be cancelled and replaced.
  • Check your Equifax Credit Report and Score – free for the first 30 days, then £14.95 monthly after that, it gives you ongoing online access to your credit report, and notifies you if there have been any significant changes, such as applications for credit made in your name that you weren’t aware of.
  • Check that you’re aware of some key methods of avoiding identity theft, to try to prevent it from happening again.

Related Articles