WEB AND MOBILE FRAUD
Smishing scams on the increase
Parcel and package delivery scams are the most prevalent type of ‘smishing’ text messages, according to new data.
The data provided to UK Finance by cyber-security company Proofpoint shows that over a 90-day period the number of scam texts pretending to be from a delivery firm represented more than half of all smishing – a text message form of phishing scam - attempts, with those pretending to be from a bank or other financial institution representing around a third.
Proofpoint operates the 7726 text message system on behalf of mobile phone operators, which allows customers to report suspicious texts. The numbers 7726 on a keypad spell out the word ‘SPAM'.
Smishing is a technique that criminals use to target consumers with texts impersonating trusted organisations. These text messages often contain a link to a fraudulent website that replicates a legitimate site, asking the victim to enter personal and financial information.
Each year within the UK, the company receives millions of text messages reported as spam.
Proofpoint found that in the 30-day period up to July 14th this year, scam texts related to parcel and package delivery stood at 67.4 per cent, compared to texts purporting to be from banks or financial institutions, which stood at 22.6 per cent of all scam texts.
For the 90-day period up to July 14th parcel and package delivery texts accounted for more than half (53.2 per cent) of all scam texts detected by Proofpoint.
This compares to 36.8 per cent of scam texts purporting to be from banks or financial institutions for the 90-day period.
Scam texts impersonating government entities accounted for just 0.4 per cent of scam texts in the 30-day period and 1.1 per cent over the 90-day period. Smishing attacks classed as ‘other’ accounted for 9.6 and 8.9 per cent over the 30 and 90-day periods respectively.
Malicious texts are often part of a wider scam, according to analysis from UK Finance. If someone clicks on a link and provides information, they may then get a phone call from someone claiming to be from their bank.
Exploiting the personal and financial information provided in the text message, the person offers to help safeguard funds by trying to convince someone to transfer money into a “safe account”, which is in fact an account run by the same criminal that sent the original text message.
Reports to the 7726 system are being used by the National Cyber Security Centre (NCSC) to take down fraudulent website URLs and prevent further fraud losses.
Katy Worobec, managing director of economic crime at UK Finance, said: “Criminals are experts at impersonating a range of organisations and have capitalised on the pandemic, knowing that many of us will be ordering goods online and awaiting parcel deliveries at home.
She added: “We are urging people to follow the advice of the Take Five to Stop Fraud campaign and to always stop and think whenever you get a text message out of the blue before parting with your information or money."