‘Smishing’: the new SMS fraud

‘Smishing’: the new SMS fraud
(Image credit: Shutterstock)

While most people now know to ensure they have antivirus software to help protect themselves from malware, fraudsters are getting more clever, and are now turning their attention to SMS fraud.

As one door closes, another inevitably opens. The battle to lock out fraudsters and scammers is seemingly endless. The UK trade body UK Finance says we are now losing more than £1m a day to bank fraud – more than £207m in the first six months of 2019 alone. As this issue continues to become more widespread, banks are becoming increasingly reluctant to compensate fraud victims if the latter may have unknowingly authorising fraudulent activity to take place.

About the author

Jeroen Van Glabbeek is the CEO at CM.com.

A large proportion of fraud happens through push scams – those where a bank customer is deceived into revealing personal information. ‘Phishing’ has been around since the dawn of the internet, with scammers using email to convince somebody they are legitimate.

Then came ‘vishing’ – the telephone equivalent of phishing – with callers pretending to be employees from a bank or financial institution.

Smishing - the new SMS fraud

Most of today’s consumers would be relatively confident in their ability to sniff out ‘phishing’ and ‘vishing scams. But now there is ‘smishing’. The relatively new phenomenon of ‘smishing’ is the fraudulent practice of sending text messages or SMS, purporting to be from reputable companies, such as banks, to trick individuals into revealing their personal information, such as online banking passwords or credit card numbers. What’s more, SMS messages are used to access the workplace, to download software or share invoices. In other words, successful ‘smishing’ could lead to financial distress, loss of personal data and even a malware infection

‘Smishing’ is particularly perilous as consumers don’t expect a simple text message to be unsafe. What’s more SMS open rates are as high as 98%, which makes text messages extremely effective in reaching a global audience of all ages and walks of life which makes it extremely lucrative for fraudsters.

Who’s responsible for the fight against ‘smishing’?

Consumers are pretty clued up on how to spot a ‘smishing’ scam if it is coming from an obviously fake URL. However, if a ‘smishing’ attack can be made to look and appear genuine, it immediately lowers a user’s guard (if they notice a call is coming from a bank, and is registered as a bank, there is little reason to doubt that it is, in fact, coming from a bank - even when it isn’t). Unfortunately, banks and telecom companies have been slow to recognise the threat and respond to the ‘smishing’ phenomenon.

In the UK, such a laissez faire attitude is no surprise when, in 2015, the Financial Ombudsman Service (FOS) ruled that banks were not responsible for Vishing fraud (or voice phishing) as customers had, in effect, given their own money away. It’s very similar to ‘smishing’. It’s often down to banks or fintech firms to decide on individual cases whether they compensate the victim. However, any instances of fraud tend to have a knock-on effect on reputations of all businesses involved in such a scam – be it an e-commerce company, a shared economy platform, a retailer or any other business with credit card processing capabilities being unknowingly caught up in the event of a fraudulent online payment / transaction. 

Keeping customers safe and secure 

As more and more businesses are discovering the transformational power of Conversational Commerce; it is becoming increasingly important to ensure that omnichannel customer communications remain secure and ‘smishing-proof’. As SMS remains an important element of unified communications for many businesses around the world – it is important to remember that this means of communication does not allow the recipient to confirm the identity of the sender – unless SMS has been carefully integrated into a Conversational Commerce ecosystem that uses SMS Firewalls and other anti-phishing techniques. 

Beware of prize competitions requiring mobile numbers, non-secure online marketplaces and data leaks, all of which all playing into the fraudsters’ hands. A new phenomenon called ‘spear fishing’, whereby criminals are targeting specific groups of people working for a specific company or a department, has even a higher success rate, as messages can be better tailored to the target recipients’ expectations.

Rich Communications Services (RCS), on the other hand, are rapidly providing secure phone numbers for businesses and consumers. In contrast to simple text messaging, RCS has the ability to verify a senders’ identity.  The message will show a user’s logo at the top of a conversation, along with their official brand name, brand colour and a User Interface (UI) indication to designate the verification status, such as a check mark. Google's Early Access Program for RCS Business Messaging is an initiative which enables businesses to send richer, more interactive and useful messages to customers in a way that is secure vis-à-vis to SMS messages that offer a very basic experience for consumers and businesses alike. 

Additionally, popular social media platforms and mobile chat apps offer a much more secure customer communication channel that can be further secured within a purpose-built omnichannel Conversational Commerce platform designed with the ultimate customer engagement and cyber security features in mind. 

Fighting future fraud 

Today’s customers are more demanding than ever before and have the expectation that businesses will take responsibility when things go wrong. Businesses are expected to have a level of corporate responsibility and show that they care about consumers as much as they care about profit. Conversational Commerce is the secret weapon that can solve these issues before they happen. Not only it is configured to help prevent ‘smishing’, ‘vishing’, ‘phishing’ and ‘spear fishing’ as all senders are verified every step of the way – it also enables superior customer experience.

Businesses can use Conversational Commerce across multiple channels and choose the recipient’s preferred channels to chat. This fosters a conversational approach, offering a two-way dialogue between the customer and brand owner based on Artificial Intelligence (AI) learning of their past decision-making processes ensuring customers get relevant content they actually care about. Which saves time for customers and facilitates business growth for companies – all while putting smiles on customers’ faces. 

Responsible and modern businesses are able to adapt and evolve to the challenges, and inevitable threats, that new technology throws at them. Conversational Commerce is the ideal counterpart solution that kills ‘two birds with one stone’: keeps customers happy and fraudsters – at bay.

Jeroen Van Glabbeek

Jeroen Van Glabbeek is the CEO at CM.com. 

He founded CM.com in 1999 together with his friend Gilbert Gooijers under the initial name ClubMessage. Their idea was to introduce SMS Marketing in the Netherlands for clubs and discotheques. This went very well and within a few years we reached almost one million young people a week by SMS and they served a thousand disco's in the Netherlands and Belgium.