Title of the document Online Banking Log-In

CYBERCRIMES AND FRAUD

SMISHING


A fraud which targets the users of mobile phones using text messages is referred to as a ‘SMiShing’ scam. Scammers aim to obtain private and confidential information from individuals or encourage them to ring a number or click on a link for more information. Fraudsters may spoof the message onto a genuine message thread.

Each smishing attack uses similar methods, while the presentation may vary significantly. Attackers can use a wide variety of identities and premises to keep these SMS attacks fresh.

Typically, an attacker will claim there is an error with your account and give you steps to resolve it. The request can be as simple as using a fraudulent login page, while more complex schemes may ask you to provide a real account recovery code in an attempt to reset your password. Warnings of a support-based smishing scheme include an issue with billing, account access, unusual activity, or resolving your recent customer complaint.

How do these attacks usually happen?

SMS phishing attacks primarily spread uninterrupted and unnoticed due to their deceptive nature. Smishing deception is enhanced due to users having false confidence in text message safety.

Firstly, most people know about the risks of email fraud. You’ve probably learned to be suspicious of generic emails that say “Hi—check out this link.” The exclusion of an authentic personal message tends to be a substantial red flag of email spam scams.

When people are on their phones, they are less wary. Many assume that their smartphones are more secure than computers. But smartphone security has limitations and cannot always directly protect against smishing.

Another risk factor is that when you’re on your smartphone and on the go, often you’re distracted or in a hurry. This means you’re more likely to get caught with your guard down and respond without thinking when you receive a message asking for bank information or to redeem a coupon.

Regardless of the means being used, these schemes ultimately require very little beyond your trust and a lapse in judgment to succeed. As a result, smishing can attack any mobile device with text messaging capabilities.

Gift Smishing

Gift smishing suggests the promise of free services or products, often from a reputable retailer or other company. These can be giveaway contests, shopping rewards, or any number of other free offers. When an attacker elevates your excitement by proposing the idea of “free,” this serves as a logic override to get you to act faster. Signs of this attack can include limited time offers or exclusive selection for a free gift card.

Invoice or Order Confirmation Smishing

Confirmation smishing involves a false confirmation of a recent purchase or billing invoice for a service. A link may be provided for a follow-up to manipulate your curiosity or prompt immediate action to trigger fear of unwanted charges. Evidence of this scam may involve strings of order confirmation texts or the absence of a business name.

Customer Support Smishing

Customer support smishing attackers pose as a trusted company’s support representative to help you resolve an issue.

Recognising an attack

As with phishing attacks, spotting smishing attacks isn’t always easy. Look for something that’s off or unusual. Here is some advice when receiving a suspicious text:

At present, Bank of St Helena do not use SMS texting to contact customers.

An unexpected scary message

Sometimes, a hacker will try to scare you into clicking an infested link. They might say your bank account’s been compromised or that you have minutes left to change a password. If you get a message like this, always question it – hesitating might just save you from being Smished.

A number you don’t know

We’ve all been taught to be suspicious of strangers, and strange numbers are just an extension of that. If you don’t recognise a number that’s texting you, be cautious. It’s possible the texter’s not who they claim to be.

Ridiculous text

Not all hackers are sophisticated. Some might send a text that has nothing to do with you or that sounds too general to be legitimate.

Identity crisis

Does the person texting you sound off? As if they’re not themselves? If that’s the case, there’s plausible reason, they aren’t themselves at all.

Poor grammar

If the person texting can’t spell your name right, chances are you don’t actually know them. Weird punctuation, capitalisation and syntax are all warning signs.