Will Your Bank Ever Text Message You? — The Rise of SMS Phishing

Key Points:

  • Scammers are increasing their use of SMS in phishing attacks, trying to lure victims into sharing financial and personal information to access their funds.
  • The scam is troublesome for individuals and organizations whose employees lack sufficient cybersecurity awareness.
  • While businesses can’t do much about incoming SMS threats, they can train their employees on how to spot phishing messages.
  • The fraudsters are smart enough and design texts that strike the part of recipients’ brains that feels an instant obligation to fix something immediately.
  • When you get an SMS claiming to be your bank or any other bank, the best way to deal with them is to delete them and avoid clicking any link.

As if the classical email phishing wasn’t impactful enough, there’s an escalating threat involving dodgy text messages. After years of using email to dupe people into disclosing bank information or downloading mobile malware, scammers quickly shift to SMS.

Scammers are quickly learning how to take advantage of text messages — using them to target unsuspecting victims. One of the most common scams is when a fraudster sends people texts posing to be a bank.

How SMS Phishing Works

The message usually impersonates a trusted bank and may include a link that may lead to a credential phishing page. The fraudster may claim that your account has been compromised and ask you to confirm your identity by clicking on a link.

Alternatively, the scammer may claim that your password has expired and instruct you to click a link to reset it. The scammer will claim unrecognized activity on your account, and you’ll need to confirm a few things.

SMS phishing is evolving and isn’t restricted to traditional SMS anymore. Scammers are shifting to popular messaging apps such as WhatsApp, WeChat, and Facebook Messenger. The inclusion of these Internet-based platforms has increased the reach of smishing considerably.

The Dangerous Test We Took — You Shouldn’t Try it Yourself

Many companies are on the receiving end of the smishing attacks where impostors try to get into the enterprise networks, steal people’s data, and misguide employees into wiring funds to the wrong destination.

We received one of the scammers’ texts and decided to test and check the scammer’s aim. We bit the fraudster bait and clicked the link — but you shouldn’t because we’re professional in a controlled environment.

The link led us to a Cloudflare service to check our browser. Yes, hackers are getting more sophisticated and are using services like Cloudflare to make their scams look legit. After a few seconds, the link directed us to Citizens bank login or what appears to be a Citizens bank login page.

However, the URL wasn’t official, and we weren’t banking with Citizens bank. The two red flags alone were enough to tell you that the message was from a fraudster.

Banks Rarely Text Messages to Its Customers Out of The Blue

Whenever you get a text message claiming to be from your bank or another bank, there is a 99% chance that it’s a scam. Banks rarely text their customers out of the blue.

Every fraud SMS is an attacker trying to trick you into clicking on a malicious link that will install malware on your device or direct you to a fake website. The site will then ask you to enter sensitive information such as banking login details.

Your bank will never send you text messages asking you to confirm your account details or reset your password. Such SMSes are from scammers. Delete the message and avoid clicking the link on the text.

Types of Text Messages You Should Look Out For

Fraudsters have mastered the new smishing technique over time to ensure the efficacy of their foul play. The fraudsters use methods such as:

  • Fake account activity alerts: Every organization is enforcing extra verification steps in places where people can access business activity. Fraudsters are taking advantage of this caution by sending people fake confirmation requests. In some cases, the messages are hidden as elements of multifactor authentication to lure people into sharing their bank information. The attackers aim to convince unsuspecting users to click on links that will lead them to a malware download or credentials phishing page. Someone gullible will feed their bank information on the phishing page where attackers collect them.
  • Message pretending to come from the bank: Money-related problems are among the most sensitive to many, and scammers understand that. The smishing message will pose to be a bank or other financial institution. The con artist will then misinform the potential victim about dubious transaction activities on their accounts. The fraudster will ask you to follow a link that will take you through identity checks to sort out the issue. If you fill in your bank information, you end up giving scammers access to your money.

No Way to Stop the Text Messages Scams

There’s no way you can stop scam attempts. The attempts are part of life today. The best remedy when you get phishing texts, emails, or phone calls, is to delete the message or hang up.

There isn’t one device that’s more susceptible to receiving scam texts. If you’re getting plenty of the smishing text, there could be a probability that data providers sold your number to telemarketers.

It’s nearly impossible to keep your phone information from being compromised.

Behind the Spiken in SMS Scams

One factor has promoted the rise of SMS scams. Other online means of communication have improved to provide users with secure communication. The improvement has locked down technical vulnerabilities, forcing fraudsters to turn to social engineering.

Phishing via SMS has become commonplace, partly because of inadequate telecom regulations. Scammers are operating at no risk.

Tech42 Will Protect Your Business From Smishing Scam and Other Cyber Threats

Leveraging technology can help your business reach its goal quickly. However, tech comes with high scam and security risks.

At Tech42, we can help you protect your business from cyberattacks. We understand that one attack could seriously damage your business and its reputation. Contact us today to protect your business from cyberattacks and their financial fallout.