Genome’s team is back with yet another article that dives into different types of fraudulent financial situations that people and businesses can face. And this time, card-not-present fraud is on the agenda. Want to know how to avoid scams associated with card-not-present transactions? We gathered some tips below. What is a card-not-present transaction? Before we get to the fraud part, let us first explain what card-not-present transactions are in general. Card-not-present transactions (also known as CNP transactions) are the type of payments a person makes with their debit or credit card. Such payments happen remotely, meaning that the card and
Today, people are very accustomed to online banking services, using them daily. Unfortunately, this also means some of them get too comfortable and throw caution out of the window when performing basic online financial operations. It opens a door for fraudsters and scammers that want to steal your funds and data. And although global cyber security efforts are high, it is impossible to prevent each and every threat.
Today, Genome wants to draw attention to the smishing scam, explain how it works, and advise on smishing prevention.
Smishing: meaning of the term
So, if you hear the word “smishing” in the context of fraud, you are likely to recall the term “phishing” – and you will be right! As smishing is a combination of the words SMS (as in texting) and phishing.
The definition of smishing is the following: it is a scam attack during which fraudsters use text messages to trick people into giving them personal information or downloading malware. SMS smishing is not the only threat, as malicious actors can also contact people via social media messaging apps. The definition was first introduced in 2006 by McAfee Inc., which is an internet security software. And since then, the problem with smishing fraud cases only grew, accelerating during the pandemic. One of the most staggering examples comes from the US. According to Proofpoint, they processed more than 80% of North America’s mobile messages and found out that smishing increased by a whopping 328% in the third quarter of 2020 compared to the previous quarter. And during these smishing attacks, fraudsters most commonly impersonated representatives of financial institutions, with online marketplaces being the second most popular option.
Companies are targeted by smishing fraud schemes as much as individuals. For instance, the 2022 survey of IT professionals and other employees revealed that 76% of businesses worldwide had to deal with smishing.
Because smishing text messages are typically short, scammers have to rely on a person’s trust to reveal the information or click on the link. Thus, they have to be convincing, which often makes them pose as company representatives, including banking employees.
Another type of scam you need to learn about before proceeding is vishing. As you might have guessed, it is a form of phishing where voice messages are used, which means that scammers may call you or leave a voice message to pressure you into revealing personal information. Vishing can be used in conjunction with smishing: for instance, a fraudster can first send you a text message and then, if you don’t respond, call you to create a sense of urgency.
Examples of smishing text messages
To better understand how smishing works, let us provide some examples so it is easier for you to recognize that you have received a suspicious message in the future. All the companies mentioned in the examples are made-up.
Take notice that fraudsters rely on common tactics when conducting a smishing attack:
- They pose as a well-known or reliable company, services which you use or consider using, to establish a sense of trust;
- They offer something you might be interested in or alert you that something is going on with a company you use. This way, they make text messages more personalized;
- They create a sense of urgency by implying that you need to act quickly, or something bad may happen, or you will miss out on the opportunity.
You receive a text from a seemingly well-known online shopping company, PopsStop. Here’s the message:
“Get a coupon to receive a 50% discount on the all-new Summer 2023 collection! The limited offer is only available for a week! Get your coupon here: [link].“
Let’s examine this smishing text message. First, they introduce themselves as a popular online store, which you are likely to have heard of or even used. They offer a lucrative deal – a massive discount for a new clothes collection. And they urge you to get a coupon as soon as possible, as the offer ends within a week.
It is how this smishing scam is likely to play out if you click the link. You will either:
- Unknowingly download malware to your phone;
- Be redirected to the fake website of the company, where you will be asked to sign in to receive a coupon. The information you input during registration will be stolen and used maliciously.
You receive a Facebook message, which seemingly comes from your financial provider, FinBankSupreme. The message reads:
“Good afternoon! My name’s Clara Sullivan, I’m an account manager at FinBankSupreme. We have noticed suspicious activity inside your bank account. Please confirm that you have used your account recently via the confirmation link [link]. Otherwise, we would have to lock your account with immediate effect.“
This smishing attack is more intricate, let us explain. First and foremost, the fraudsters created a fake profile of your financial institution that looks believable at first glance. In the smishing text message, they even give a fake employee name to make the message seem more legitimate. Next, they present an urgent matter by lying that someone may have tried to log into your bank account. And finally, they try to manipulate you to click the link or risk getting your account locked.
If their smishing attempt is successful, you will go to the fake version of the FinBankSupreme website they created. There, you will need to fill out your login credentials, which fraudsters will use to access your real bank account.
Smishing protection: how to avoid fraud
Any smishing attack can potentially lead to scammers getting access to your banking app. Although fraudsters can pretend to be any type of company during their smishing scams, they can still fish out information that will allow them to log into your bank account.
Thus, it is important to find a reliable financial provider that has security tools in place to protect clients. For instance, Genome enables two-factor authentication for every login, outgoing transfer, and other processes that require confirmation. Our team complies with all major regulations (PCI DSS, PSD2, and GDPR) to ensure the safety of our clients’ data and funds. For more tips on secure mobile banking, please check this article.
Here are the ways to protect yourself from bank smishing and other types of smishing scams:
- Don’t respond or interact with messages from unknown phone numbers;
- If the phone number is visible, check if it is legit in the phone database;
- Be vigilant, and don’t rush into things. Any time you receive a text or a social media message that requires your response or for you to click on the link – read it carefully first;
- Don’t click on the links, even if the message comes from a company you are familiar with. For instance, if it is from a store that promotes seasonal sales, just go directly to their website (without clicking the link in the message) and check them for yourself. Ensure that you visit the official website and that it uses SSL/TLS encryption – the website will either have a padlock symbol at the beginning of its URL or its URL will start with HTTPS.
- If you receive a message from your financial provider that requires your action, do not respond to the message or click any links. Instead, log into your bank account through the official website or the app. If the text you received was legit, you would likely get a similar notification or letter inside your account. If you don’t see any notifications regarding the matter – contact your account manager or verified support team employees and explain the situation;
- Do not share any personal, financial details or passwords via text or messenger apps;
- Make sure to come up with unique, strong passwords for every website and app you use, and enable two-factor authentication for them;
- Install anti-malware software on all the devices you use;
- Do not store your passwords or financial details on your phone.
What does smishing mean?
Smishing is a combination of SMS and phishing and refers to scams during which fraudsters send texts and messages to people. The scammers’ end goal is to obtain personal information or make a person download malware.
What is a smishing attack?
A smishing attack occurs when an individual or a business receives a smishing text message either via SMS or a messaging app. Using such messages, fraudsters try to manipulate the receiver into clicking a malicious link and/or providing personal information, which scammers then will use to steal more data or money. We listed examples of smishing scams in the article above.
What is an example of smishing?
Imagine this scenario: you receive a text from a number that claims to be your local postal office. In the message, they claim that you have received a parcel, but they can’t give it to you until you verify your identity. To do so, they share a link and ask you to follow it and confirm your personal details. But behind the scenes, it appears that it’s a text from scammers, who pretend to be a postal service, and they want you to fill out your details to steal them and use them to log into your other accounts to obtain your data and/or funds. And this is just one of the examples of smishing fraud cases.
What is smishing in banking?
In banking, smishing occurs when fraudsters pretend to be representatives of a bank or financial institution to fish out personal and financial details of people and companies.
Is it normal for your bank to text you?
Yes, it is normal, but only if you give your financial provider permission to text you, which you can normally do on the bank’s settings page. If you didn’t do so, you better check your settings and not interact with the message. Now, usually, banks send clients texts to inform them about something, and they never ask you about personal details via such a method of communication. We included more information regarding smishing in banking and how to avoid it in the article above.