The latest cyber-scam to hit the headlines is smishing, in which fraudsters gain access to your electronic banking details through a text message that appears to come from your bank.
The reason it is in the news is that Santander has refused to refund more than £36,000 lost by three customers due to smishing – on the grounds of negligence. These were consumer accounts, but business accounts are just as vulnerable. This makes it very important that you protect yourself against falling for smishing scams in the first place.
Fraudsters send text messages that appear to be coming from your bank. The text messages may claim to come from the Fraud department, and warn that your account has been compromised or that someone is trying to access your account from another device. The text message will ask you to click on a link to update personal details, or it will give you a telephone number and ask you to call it urgently.
You may be convinced that the text is genuine because it appears on an existing thread of genuine messages from the bank. Do not be fooled: fraudsters can do this by using a tactic called ‘number spoofing’.
Once you have contacted them, they will ask for your bank details or trick you into resetting your password and giving them the one-time-only PIN sent to your phone. That gives them full access to your bank account and allows them to set up a password and lock you out of the account.
‘Cyber-criminals are getting better and better at creating convincing-looking fake emails and text messages,’ said Barrie Giles, Managing Director of First Line IT. ‘They also confuse people by insisting that they should respond urgently. The way to avoid being caught out by scams such as these is to keep calm, phone your bank on a number you know and stick rigidly to cyber-security principles of never giving anyone your logon details.’