Every user has at least once in their life received an unwanted text message promising a prize, a free cruise or a particularly convenient electricity rate. These are scam SMS sent by criminals to try to steal personal data, even reaching their victims’ savings. This type of message is also called smishing, meaning SMS phishing. They may seem easy to manage – explains Panda Security – a company specializing in security, but just clicking on the wrong link can lose large amounts of money; as 2020 data shows: 86 million euros were stolen via an SMS scam.
How Message Smishing Scams Work
They usually contain a link to a fraudulent site as similar as possible to the original and structured in such a way as to record the data that the unsuspecting user enters. Other SMS scams try to get attention with promises of big wins or profits, such as cash prizes or gift cards from famous brands. There are many ways this fraud is perpetrated, but the goal is always the same: sensitive data and money.
Also Read: How Scammers Catch Small & Medium Enterprises (SMEs)
Just Open The Message To Become A Victim?
No, it’s not enough to “open” or read the spam or phishing message; you need to click on the link or attachment and enter your data on a fraudulent site (or download malware without realizing it). Scams can vary greatly, so it’s helpful to know the main ones to identify common elements and highlight what hackers leverage to deceive recipients. Here are six examples of threats:
- The Detained Package Scam – Message example: Hi, your package has been held at our shipping center. Please follow the instructions here: [fraudulent link follows].
- The blocked checking account – Message example: We have suspended your banking accounts for suspected fraud. Thank you
- You have won a prize – Sample message: Dear Euronics Competition Winner, We are pleased to inform you of the award. Select your product here: [fraudulent link follows]
- Security problems relating to the account – Message example: Dear customer, a problem has occurred with your account. To continue accessing the apps, updating the data at the following link is mandatory: https://bit.ly/webISP. Best regards, Intesa San Paolo
- INPS message – Message example: Bank transfer order from INPS with identification number 08124880 failed.
- Message from the Ministry of Health on the Green Pass – Message example: Your COVID-19 green certification appears to be cloned; identity verification is required at dgcgov.valid-utenza.com to avoid blocking.
How To Recognize A Fake Text Message
Most scam SMS contains some easily identifiable elements that can help users recognize them:
- The message is irrelevant: the user has no reason to expect the received message, which is unrelated to any activity undertaken in the last few days.
- The message conveys a certain urgency: an emergency is communicated in the text, and requests to intervene as soon as possible to avoid disastrous consequences.
- The sender is an unknown number: the number is not in the phonebook or contains fewer digits than a regular phone number.
- The SMS contains spelling and grammatical errors: in most of the examples chosen by Panda, the smishing messages are poorly written both stylistically and grammatically and sometimes also contain gross spelling errors, such as wrong double consonants or the Z instead of the S.
- The message contains a suspicious link: fraudulent links often start with the HTTP prefix (without the final S) or are short URLs such as ly or simulate the name of the authentic company by inserting other words or letters, such as Unicredit-bank – italia.com.
How To Defend Yourself Against SMS Scams
- Opt out of advertising communications from the companies and stores where you shop. Most services rely on third-party partners for marketing; for example, they may manage contact lists illegally by sharing them with other organizations. This is how cell phone numbers end up in scammer databases.
- Download call-blocking apps like Hiya, Nomorobo or Truecaller
- Please don’t reply to unsolicited messages, even ask to stop receiving them.
- Do not share personal and financial data via SMS link.
- For example, don’t share your phone number and email address online to participate in offers or access content behind paywalls.
- Periodically update your phone’s operating system.
The number of SMS scams, spam, and smishing messages is rising, so it’s important to learn how to identify them and know what to do to protect yourself. Another defense is the ability to filter messages and calls through your smartphone based on the number and caller ID.
Activate the block from the phone settings so if the ID matches one of those on the blocklist of the phone manufacturer or your telephone operator, the incoming call or spam SMS will be blocked. It is important to pay attention to the telltale signs highlighted and to trust your intuition: if a message is suspicious, it is almost certainly fraudulent.
Also Read: Online Scam Report: How To Do It