Using text messages to get you to download a mobile app that steals your information

What is SMS phishing?

It’s when cybercriminals send Short Message Service (SMS) text messages that are designed to steal personal or financial information from you, whether by pretending to be a reputable site, or getting you to download malware onto your phone. They could also try to trick you into giving them the login to your Apple account, if you’ve got one, which would then provide them with your personal data.

Types of SMS phishing scams

Fraudsters can try to pull SMShing scams in various ways. Some examples are below.

  • Competitions. You may receive a text message inviting you to join a competition. What seems like an SMS from a reputable company may really be from a cybercriminal – you’ll usually be asked to enter personal information in order to join the contest or collect your prize. The information is then collected by the fraudsters.
  • Verifying credit card transactions. The National Fraud Intelligence Bureau has reported that cyber criminals can pretend to be credit card providers in order to send fake text messages. These SMS messages may ask you to confirm a recent transaction. Your reply will help them to confirm your phone number, which they can then use to call you in order to try to scam you.
  • Expensive texts. Whatever their disguise for getting you to text them back, SMS fraudsters could also be charging you a hefty SMS rate for your reply. You could also be automatically signed up for ongoing charges.

Protecting yourself against SMS phishing

Here are some ways to minimise your chances of becoming a victim of SMShing.

  • Don’t reply to SMS messages from numbers that you don’t recognise. If in doubt, get in touch with your mobile phone provider to check if certain numbers charge premium rates.
  • Don’t share your login, personal or financial details over SMS. Your bank, utility provider or any other genuine company will never ask for sensitive information via text message.
  • Watch where you input two-factor authentication codes. When you’re signing in to a secured website, it may send a code to your phone via SMS, which you have to enter on the site in addition to your login details. Fraudsters could send you fake SMS messages asking for this code.

What to do if you’ve been a victim of SMS phishing

Fraudsters can employ sophisticated measures to convince you to part with your personal information. If you’ve been a victim of SMShing – or suspect that you may be – here’s what you can do.

  • Report it to Action Fraud, the centre for reporting fraud and cybercrime in the UK.
  • Let your bank and credit card providers know, and ask for your debit and credit cards to be cancelled and replaced.
  • Check your Equifax Credit Report and Score – free for the first 30 days, then £7.95 monthly after that. It gives you ongoing online access to your credit report, and notifies you if there have been any significant changes, such as applications for credit made in your name that you weren’t aware of.
  • Check that you’re aware of some key methods of avoiding identity theft, to try to prevent it from happening again.

Which type of malware typically spreads without human intervention?

Worms. A computer worm self-replicates and infects other computers without human intervention. This malware inserts itself in devices via security vulnerabilities or malicious links or files. Once inside, worms look for networked devices to attack.

What is a method used to verify the identity of computer users?

Multi-factor authentication. Multi-Factor Authentication (MFA) is an authentication method that requires two or more independent ways to identify a user. Examples include codes generated from the user's smartphone, Captcha tests, fingerprints, voice biometrics or facial recognition.