terovesalainen - stock.adobe.com

Smishing attacks up sevenfold in six months

Scam text messages are reaching pandemic proportions, thanks in part to the pandemic

The volume of scam text messages – commonly known as smishing scams – sent to UK mobile customers during the first six months of 2021 grew by close to 700% compared with the last six months of 2020, according to new data from consumer affairs organisation Which?.

Which?’s data, which is drawn both from its own Scam Sharer service and the 7726 (S-P-A-M) reporting service run by Proofpoint, reveals how the Covid-19 pandemic has spurred fraudsters and cyber criminals to take advantage of consumers’ increased reliance on digital services, and the UK has been particularly hard hit – reports of smishing scams in this country are more than 15 times higher than in the US.

As a result, Which? is today launching a guide, which can be downloaded here, with support from multiple organisations, to help businesses protect their customers and differentiate their legitimate texts from fake ones. Some of the tips include avoiding the use of hyperlinks if possible, not including phone numbers, and protecting their SMS Sender ID so that it cannot be spoofed.

“Smishing attempts have risen dramatically – with fraudsters taking advantage of the pandemic to trick consumers into giving away personal details and transferring their hard-earned cash,” said Rocio Concha, director of policy and advocacy at Which?.

“Businesses must play their part to protect people from scams. Our SMS guide aims to help organisations differentiate their texts from the scammers impersonating them, so consumers can more easily recognise scam SMS messages.

“We welcome the commitment by the businesses that have signed up to our guide and hope this will encourage more organisations to consider how they can better protect their customers from fraud.”

Which? said the prevalence of such scams was making it harder and harder for ordinary people to tell genuine business texts from fake ones, and making the majority of people – 71%, according to polling conducted by Opinium for Which? in May – wary of any communications at all.

Among the brands commonly impersonated in smishing scams are banks, delivery companies, retailers and communications services providers, but Which? and Proofpoint’s data shows that it is parcel delivery and banking scams that are the most prevalent because both sectors do make use of legitimate text messages to contact customers.

Of these, parcel delivery scams are by far the most common, occurring at a ratio of three to one compared with banking scams. Delivery providers DPD and Hermes have both signed on to adopt the guide, as well as Barclays and TSB banks.

Other supporters of the initiative include mobile industry trade body Mobile UK, AICES, which represents delivery companies, and international consumer affairs association Consumers International.

Read more about consumer security

  • Study of UK consumers reveals worries over an uptick in cyber crime and a lack of trust in Boris Johnson’s government.
  • If your email password is still Rex, Rover or Mr Fluffles, it’s probably best to change it, the NCSC has said.
  • New figures from the National Fraud Intelligence Bureau show a threefold spike in reported financial losses to fraud and cyber crime in the first six months of 2021.

Read more on Hackers and cybercrime prevention