Crime – “Smishing” – A new word to worry about?
We’ve just got used to “Phishing” – the practice of using fraudulent e-mails and copies of legitimate websites to extract financial data from computer users for purposes of identity theft. Now a new word has arrived. “Smishing” – the fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.
Fraudulent text messages have grown significantly during the past year. They are often mimicking banks or delivery companies. Cyber security company Proofpoint reports a 700% growth in the past six months. Which? reckons that the growth is down to more businesses using SMS messages and more scammers mimicking them.
But Which? feels that part of the problem is that the tone and language used in some genuine messages makes them look suspicious and as well as worrying recipients is also making it harder to spot the fraudulent ones.
It wants to introduce an SMS Best Practice Code and recommends that businesses using SMS communication:
Be clear and consistent – this is so customers can become familiar with the types of messages a company sends and know what to expect.
Don’t use hyperlinks unless absolutely necessary – scammers rely on getting people to click on links so it’s best if companies don’t use them at all. However, in some situations, including links can be more convenient for consumers, so in these cases businesses must use easily verifiable URLs so consumers can check they are legitimate.
Don’t include phone numbers to call back – businesses should instead ask consumers to look up the number independently to call back.
Be careful with personal information – businesses should address you by name if possible as scammers usually use generic greetings, but any other personal information (such as email addresses, account numbers, postcodes) should be at least partially redacted so that your data is not at risk if anyone else sees the message.
Be careful with tone and language – it’s important that businesses don’t use language and tone that creates a sense of urgency or panic as this is what scammers do as well.
The Which? guide to spotting SMS scams can be found here.