Smishing (SMS-phishing) – Identity fraud via SMS messaging

by | Sep 29, 2017 | Business Mobile, Management & Support, Security

Almost one in every two crimes is a fraud or cyber crime says Cifas, the fraud prevention body – so what is Smishing?  


Cifas’ Fraudscape 2017 reports the highest ever recorded number of identity fraud cases in 2016 – almost 173,000. Telephone takeover fraud represented 50% of bank account fraud, as 2016 saw fraudsters targeting mobile phone accounts in various ways, including obtaining upgrades.

Beyond phishing (emails) and vishing (voice phishing), we now have the added concern of fraudsters obtaining personal information via SMS phishing, referred to as smishing.

Working in much the same way, fraudsters execute the scam via Short Message Service (SMS). Mostly, these are time-sensitive and with a sense of urgency or panic.

Smishing scammers aim to get personal information such as account details and passwords, or to get victims to click on a link that gives the scammers access to this kind of information. They may also try to get the victim to reply to a text that charges a few.

By pretending to be close friends, employees or even officials from their banks, victims believe the text is genuine, requiring immediate action. This could be a claim of an account freeze or imminent arrest and inevitably leads to the giving away of personal and potentially damaging information and fraudsters getting away with stealing thousands of pounds.

A softer approach by Smishers is to use number spoofing. This makes text messages appear as though they are from a trusted source and are therefore real. Such texts are more likely to receive a response.

The scam is difficult to defend against and even harder to prove. In March, three Santander customers lost a combined total of £36,300 (€41345.31) to a smishing scam. The victims’ fraud claims were refuted by their banks, as it was argued security details were given willingly to a third party.

How to protect against Smishing scams

Mobile users can protect against smishing by setting up two-factor authentication, by using multiple passwords and being aware that banks will not ask for personal information such as a PIN number.

Blocking suspicious numbers and not answering a text from a number you do not recognise, is also an effective way of protecting yourself. Be aware of the risks and know what to look out for.

Texting is one of the most common uses of smartphones and the mistakes users make is the assumption their smartphones are more secure than their email accounts, when in fact, they are just as vulnerable to identity fraud scams through this means.

MF Telecom Services is a leading UK business telecoms solutions provider specialising in VOIP Telephone Systems, Telephone System Maintenance, Voice Communications, Business Mobiles, Business Broadband Connectivity and Business IT Support with Cyber Security. MF Telecom Services has grown into a successful company in its own right, maintaining the ethos of excellent customer service and quality products & services.

Contact us, or call 01892 577 577 to find out how we can help you and your business.