Australians are being bombarded with a new type of fraud in which victims are sent text messages asking for personal information. This personal information is then sold. The Australian Competition and Consumer Commission’s Scams Awareness Week will take place from November 8 to 12, 2021. This year’s theme is Let’s Talk Scams. Smishing, also known as SMS phishing, is a scam in which cyber thieves pose as legitimate organisations such as banks or delivery services and ask mobile phone users to click a link.
In September of last year, two men from Sydney were arrested on suspicion of SMS phishing. They were accused of sending over 49,000 messages to customers in a single week.
Dynamic Business spoke with Ben Mostafa, Chief Technology Officer at MessageMedia, a mobile messaging solution for businesses, about smishing fraud warnings and how businesses can avoid it.
“SMS communications have an important role to play, allowing trustworthy businesses and organisations to communicate information to you, but this can be used to take advantage of those susceptible to attacks,” Ben said.
“Businesses need to be aware of best practices to minimise the threat to their customers. Suppose you have received an SMS that you are unsure of. In that case, we urge individuals not to share any sensitive information until they can verify the sender, scrutinise any URLs, and be careful not to click on links unless you are confident they are legitimate.”
“It is important that businesses follow best practices to protect their customers from SMS scams. Unfortunately, in peak marketing periods, there is an increase in the number of scams across SMS, email, and other forms of communication.”
“We strongly urge businesses to follow best practices to minimise the threat of these to their customers and encourage individuals to be vigilant during these times,” Ben added.
What are the different kinds of fraud?
Phishing: “Phishing is the fraudulent attempt of sending communications (mainly email) pretending to be a reputable organisation or company to induce individuals to reveal personal information.”
Smishing: “The same as a phishing scam, except cybercriminals will use SMS or text message-based communications to get individuals to reveal personal information.”
Spoofing: “This is when a malicious party disguises themselves as another person, organisation, or device (say, family member’s phone). They then launch attacks to steal data, spread their malware, or bypass access controls such as two-factor authentication.”
How do you know whether it’s a smishing scam?
While many scams can be carried out via email, websites and social media, many emerging scams have been SMS-related.
“We strongly urge businesses to follow best practices to minimise the threat of these to their customers and encourage individuals to be vigilant,” said Ben.
According to the ACCC, the following five indicators suggest that a message is fraudulent.
- Scammers can make messages look real: Scammers can ‘spoof’ real phone numbers or email addresses to make it appear that they come from your actual bank or another legitimate contact.
- It has a malicious link: The SMS contains a link to a phishing website. These websites attempt to trick you into giving out personal information such as your passwords and credit card numbers.
- Verify the URL: The address bar appears at the top of your web browser, and the numbers and letters that make up the URL are the directions to the website or webpage.
- It’s not secure: Legitimate sites containing sensitive information will use HTTPS, not HTTP, but don’t rely on this alone — some scam sites use HTTPS too.
- It has a sense of urgency: Scams often try to create a sense of urgency. Don’t rush — take the time to think about what the message tells you to do and consider whether it’s real.
How to avoid smishing scams?
Verify the sender & avoid sharing sensitive information:
Remember, most reputable businesses, organisations and agencies will NOT ask for sensitive information or donations, or request money, through an SMS. If a message does, it may be fraudulent.
Scrutinise the URL:
If the message looks like it’s coming from a reputable organisation, search for the organisation online and compare its website link with the one you received. You can also contact the organisation to confirm that they sent the message.
Be careful clicking:
Most SMS phishing scams will be unsolicited and often include a link encouraging you to click through. They aim to get you to install their malware or share your personal information with them, such as account details.
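The checks described above (compare the link's domain with the organisation's real one, do not trust HTTPS on its own, watch for urgency and requests for sensitive details) can be expressed as a short Python triage routine. This is an added example, not part of the original article or ACCC material; the organisation names, the `OFFICIAL_DOMAINS` table, the keyword lists and the sample messages are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed table: organisation -> official domain, looked up independently
# of the message (placeholder names, not real organisations).
OFFICIAL_DOMAINS = {"examplebank": "examplebank.example",
                    "examplepost": "examplepost.example"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)  # only links with an explicit scheme
URGENCY_RE = re.compile(r"\b(urgent|immediately|suspended|final notice|act now)\b", re.I)
SENSITIVE_RE = re.compile(r"\b(password|pin|card number|account details)\b", re.I)

def host_matches(host, official):
    """True only for the official domain itself or a subdomain of it.
    Comparing on a label boundary rejects 'notexamplebank.example' and
    'examplebank.example.secure-login.test'."""
    host = host.lower().rstrip(".")
    return host == official or host.endswith("." + official)

def triage_sms(text, claimed_org):
    """Return warning strings for one SMS that claims to come from claimed_org."""
    warnings = []
    official = OFFICIAL_DOMAINS.get(claimed_org.lower())
    for raw in URL_RE.findall(text):
        parts = urlsplit(raw.rstrip(".,;:!?)"))
        host = parts.hostname or ""   # hostname ignores any 'user@' prefix in the link
        if parts.scheme.lower() != "https":
            warnings.append("not-https:" + host)
        # HTTPS alone proves nothing, so the domain is always checked as well.
        if official is None or not host_matches(host, official):
            warnings.append("domain-mismatch:" + host)
    if URGENCY_RE.search(text):
        warnings.append("urgency")
    if SENSITIVE_RE.search(text):
        warnings.append("asks-for-sensitive-info")
    return warnings

if __name__ == "__main__":
    # Constructed sample messages.
    samples = [
        ("ExampleBank", "ExampleBank: your account is suspended. Verify your password "
                        "immediately at https://examplebank.example.secure-login.test/verify"),
        ("ExamplePost", "ExamplePost: your parcel is ready. Track it at "
                        "https://track.examplepost.example/p/123."),
    ]
    for org, msg in samples:
        print(org, triage_sms(msg, org))
```

An empty result means only that none of these indicators fired; confirming the message with the organisation through a separately obtained contact remains the decisive step.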
Target scams on the rise
Delia Rickard, Deputy Chair, ACCC, Scams Awareness Network, said: “Australians lost over $850 million to scams and made 444,164 scam reports in total in 2020.”
Based on this combined data, the scams causing the most financial harm to Australians in 2020 were:
- $328 million lost to investment scams
- $131 million lost to romance scams
- $128 million lost to business email compromise (payment redirection scams).
According to the report, the top three categories of reports to Scamwatch were phishing, threats to life, arrest or other threat-based scams and identity theft. Reports in these categories often involved the impersonation of government agencies to obtain personal information or demand money.
“For the first time, Victorians had the highest reported losses to Scamwatch, with losses of $49,096,516 (an increase of 115% from 2019 losses),” Delia said.
- In 2020, combined financial loss to investment scams was a record $328 million.
- For the banks, Scamwatch and ASIC, it was the category with the highest losses.
- Scamwatch reports increased by 63% to 7,295, and losses rose slightly to $66 million.
- Almost 34% of people who reported an investment scam lost money, with an average loss of $26,713.
According to the ACCC, phone scams continue to be the most common and successful way for scammers to target victims in terms of financial loss. Both the number of reports and the amount of money lost to phone fraudsters increased by 48% over the previous year. The total amount of money lost due to phone-based fraud increased to a little more than $48 million.
Phone, email, and text messaging were the top three methods scammers used to contact individuals in 2020. In October 2020, Scamwatch received over 17,000 phone-based scam reports, a record high.
Source: Dynamic Business