Australians are being bombarded with a new type of fraud in which victims are sent text messages asking for personal information, which is then sold.
The Australian Competition and Consumer Commission (ACCC)’s Scams Awareness Week will take place from November 8 to 12, 2021, and this year’s theme is Let’s Talk Scams.
Smishing, also known as SMS phishing, is a scam in which cyber thieves pose as legitimate organisations such as banks or delivery services and ask mobile phone users to click a link.
In September of last year, two men from Sydney were arrested on suspicion of SMS phishing. They were accused of sending over 49,000 messages to customers in a single week.
Dynamic Business spoke with Ben Mostafa, Chief Technology Officer at MessageMedia, a mobile messaging solution for businesses, about smishing fraud warnings and how businesses can avoid it.
“SMS communications have an important role to play, allowing trustworthy businesses and organisations to relay important information to you during times of concern, but this can be used to take advantage of those susceptible to attacks,” Ben said.
“Businesses need to be aware of best practices to minimise the threat to their customers. Suppose you have received an SMS that you are unsure of. In that case, we urge individuals not to share any sensitive information until they can verify the sender, scrutinise any URLs, and be careful not to click on links unless you are confident they are legitimate.
“With the overall increase of marketing communications over the past 18 months, there will be an increase in the number of SMS communications from businesses and brands.
“It is important that businesses follow best practices to protect their customers from SMS scams. Unfortunately, in peak marketing periods, there can be an increase in the number of scams across SMS, phishing, email, phone calls and other forms of communication.
“We strongly urge businesses to follow best practices to minimise the threat of these to their customers and encourage individuals to be vigilant during these times,” Ben added.
What are the different kinds of frauds?
Ben provided the following definitions:
Phishing: “Phishing is the fraudulent attempt of sending communications (mainly email) pretending to be a reputable organisation or company to induce individuals to reveal personal information.”
Smishing: “The same as phishing except cybercriminals will use SMS or text message-based communications to get individuals to reveal personal information.”
Spoofing: “This is when a malicious party disguises themselves as another person, organisation, or device (say, family member’s phone). They then launch attacks to steal data, spread their malware, or bypass access controls such as two-factor authentication.”
How can you know whether it’s SMS fraud?
While many scams can be carried out via email, websites and social media, many emerging scams have been SMS-related or use smishing (text message phishing) techniques.
“We strongly urge businesses to follow best practices to minimise the threat of these to their customers and encourage individuals to be vigilant during these times,” said Ben.
According to the ACCC, the following are the five indicators that a message is fraudulent.
- Scammers can make messages look real: Scammers can ‘spoof’ real phone numbers or email addresses to make it appear that they come from your actual bank or another legitimate contact.
- It has a malicious link: The new SMS contains a link to a phishing website. These types of websites attempt to trick you into giving out personal information such as your bank account details, passwords and credit card numbers.
- Verify the URL: The address bar appears at the top of your web browser, and the numbers and letters that make up the URL are the directions to the website or webpage.
- It’s not secure: Legitimate sites containing sensitive information will use HTTPS, not HTTP, but don’t rely on this alone — some scam sites use HTTPS too.
- It has a sense of urgency: Scams often try to create a sense of urgency. Don’t rush — take the time to think about what the message tells you to do and consider whether it’s real.
How to avoid these scams?
Verify the sender & avoid sharing sensitive information:
Remember that most reputable businesses, health organisations, or government agencies will NOT ask for any sensitive information, call for donations, or request money through a simple SMS. If a message does, it may be fraudulent.
Scrutinise the URL:
If the message looks like it is coming from a reputable organisation, you can search for the organisation in your browser and check its actual website link against the one offered to you. In addition, you can also contact the organisation to confirm that they sent the message and that it’s their dedicated SMS number.
Be careful clicking:
Most SMS phishing scams will be unsolicited and often include a link encouraging you to click through. They aim to get you to install their malware or share your personal information with them, such as account details.
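The ACCC indicators and the "Scrutinise the URL" advice above can be turned into a simple check that a business or mail/SMS gateway operator might run over inbound messages. The following is an added example, not code from the ACCC or MessageMedia; the domain names, brand names, urgency phrases and sample messages are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist: the organisation's real domains, found by searching for
# the organisation yourself. All names here are constructed for the example.
KNOWN_DOMAINS = {"mybank.example", "parcelco.example"}
BRANDS = {"mybank", "parcelco"}
URGENCY = re.compile(r"\b(urgent|immediately|suspended|final notice|within \d+ hours?)\b", re.I)
URL_RE = re.compile(r"\bhttps?://[^\s<>\"']+", re.I)


def host_is_known(host):
    """True only for an allowlisted domain or a true subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS)


def check_sms(text):
    """Return the indicators found in one SMS body, in a stable order."""
    findings = []
    for url in URL_RE.findall(text):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # HTTP is a warning sign, but HTTPS alone proves nothing (sample 3).
        if parts.scheme.lower() == "http":
            findings.append(f"not-https:{host}")
        if not host_is_known(host):
            findings.append(f"unknown-domain:{host}")
            # A brand name inside a host the brand does not own is a lookalike.
            if any(b in host.replace("-", "") for b in BRANDS):
                findings.append(f"lookalike:{host}")
    if URGENCY.search(text):
        findings.append("urgency")
    return findings


# Constructed sample messages, not real scam traffic.
SAMPLES = [
    "MyBank: your statement is ready at https://www.mybank.example/login",
    "MyBank: account suspended, verify immediately http://mybank.example.secure-id.test/verify",
    "Parcel held. Pay fee within 24 hours: https://parcel-co.track.test/pay",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(check_sms(sms) or ["no indicators"], "<-", sms)
```

The second sample shows why the whole hostname must be compared from the right: the real domain appears at the start of the link, but the site actually belongs to whoever controls the final labels.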
Target scams on the rise
Delia Rickard, Deputy Chair, ACCC, Scams Awareness Network, said: “Australians lost over $850 million to scams and made 444,164 scam reports in total to Scamwatch, ReportCyber, other government agencies, banks and payment platforms in 2020.
Based on this combined data, the scams causing the most financial harm to Australians in 2020 were:
- $328 million lost to investment scams
- $131 million lost to romance scams
- $128 million lost to business email compromise (payment redirection scams).
According to the report, the top three categories of reports to Scamwatch were phishing, threats to life, arrest or other (threat-based scams) and identity theft. Reports in these categories often involved the impersonation of government agencies to obtain personal information or demand money.
“For the first time, Victorians had the highest reported losses to Scamwatch, with losses of $49,096,516 (an increase of 115% from 2019 losses),” Delia said.
- In 2020, combined financial loss to investment scams was a record $328 million.
- For the banks, Scamwatch and ASIC, it was the category with the highest losses.
- Scamwatch reports increased by 63% to 7,295, and losses rose slightly to $66 million.
- Almost 34% of people who reported an investment scam lost money, with an average loss of $26,713.
According to the ACCC, phone scams continue to be the most common and successful way for scammers to target victims in terms of financial loss.
Both the number of reports and the amount of money lost to phone fraudsters increased by 48 per cent over the previous year. The total amount of money lost due to phone-based fraud increased to a little more than $48 million.
Phone, email, and text messaging were the top three methods scammers used to contact individuals in 2020. In October 2020, Scamwatch received over 17,000 phone-based scam reports, a record high.