The latest cyber-scam to hit the headlines is smishing, in which fraudsters gain access to your electronic banking details through a text message that appears to come from your bank.

The reason it is in the news is that Santander has refused to refund more than £36,000 lost by three customers due to smishing – on the grounds of negligence. These were consumer accounts, but business accounts are just as vulnerable. This makes it very important that you protect yourself against falling for smishing scams in the first place.

What is smishing?

Fraudsters send text messages that appear to be coming from your bank. The text messages may claim to come from the Fraud department, and warn that your account has been compromised or that someone is trying to access your account from another device. The text message will ask you to click on a link to update personal details, or it will give you a telephone number and ask you to call it urgently.

You may be convinced that the text is genuine because it appears on an existing thread of genuine messages from the bank. Do not be fooled: fraudsters can do this by using a tactic called ‘number spoofing’.

Once you have contacted them, they will ask for your bank details or trick you into resetting your password and giving them the one-time-only PIN sent to your phone. That gives them full access to your bank account and allows them to set up a password and lock you out of the account.

How to protect yourself against smishing

  • Never, ever, share personal or security details such as your PIN, password or other logon information. No real bank, credit card company, or other financial institution will ever ask you to.
  • Don’t assume a text message is genuine, even if it appears in an existing thread. And don’t be flummoxed into responding immediately to a message, when you may not be thinking clearly.
  • Never click on a link or call a number that is sent to you in a text. If you want to set your mind at rest, call the Fraud Department number that is on the back of your bank card or published in your bank’s website.

‘Cyber-criminals are getting better and better at creating convincing-looking fake emails and text messages,’ said Barrie Giles, Managing Director of Firstline IT. ‘They also confuse people by insisting that they should respond urgently. The way to avoid being caught out by scams such as these is to keep calm, phone your bank on a number you know and stick rigidly to cyber security principles of never giving anyone your logon details.’

About FirstLine IT

FirstLine IT is an expert IT services company providing IT support to small and large businesses in Oxford and the UK. Based in Oxfordshire, we provide IT support, cybersecurity protection, cybersecurity staff training, IT relocation services, disaster recovery and more.