Major banks and delivery companies are adopting a new best practice guide for texting customers as Which? reveals that ‘smishing’ – scam phone calls or texts – attacks have increased dramatically over the first six months of 2021.
The worrying number of smishing scams in 2021 – including scam text messages pretending to be from legitimate organisations such as banks, delivery companies and phone networks to steal consumers’ money and personal information – has led the consumer watchdog to publish an SMS best practice guide for businesses on how to protect their customers from potential fraud.
Proofpoint data shows that reports of smishing in the UK grew nearly 700% in the first six months of 2021 compared to the second half of 2020 (July-December). This has been driven by an increase of scams since the coronavirus pandemic, as fraudsters look to take advantage of shopping trends such as people getting more deliveries to their homes, as well as the growth in businesses sending texts to customers.
Reports of smishing in the UK are 15 times higher than reports of smishing in the US, according to Proofpoint’s data. Smishing attempts pretending to be from banks and delivery companies are particularly common as these industries often use text messages to communicate with customers.
The figures suggest there is a three to one ratio of parcel smishing attacks to banking smishing attacks. Voicemail smishing – where scammers send a text pretending to have a link to a voicemail is also a more recent technique.
Proofpoint operates the 7726 text service that enables people to report spam texts for free, and collects data on those reports categorised as smishing.
Since establishing its own Scam Sharer tool in March 2021, Which? has received more than 9,000 reports to the tool. Two-thirds (65%) of reports have been phone call or text scams – with 31 per cent of these scam text messages specifically.
Two of the top three most commonly reported SMS scams to the Scam Sharer tool have been fake text messages from delivery companies.
The prevalence of smishing scams has made it difficult for consumers to distinguish between genuine business texts and potential scams and made many wary of any texts claiming to be from a company.
Which? research shows that seven in 10 (71%) people say they don’t trust text messages from companies to be free from scam risks.
While Covid has led to an increase in smishing, according to Proofpoint, the more fundamental cause for growth in smishing is that texting has moved from just being person to person communication between friends and family to become a commercial communications channel.
To help businesses protect their customers and differentiate their texts from those sent by scammers impersonating them, Which? has launched an SMS guide with support from across the banking, delivery and mobile industries.
Nine key organisations, including Mobile UK, the trade body representing mobile network operators, AICES, which represents delivery companies, and Consumers International, which represents consumer organisations in over 100 countries, are among those throwing their support behind the initiative.
In addition to these organisations, big delivery companies including Hermes and DPD and as well as Barclays and TSB banks have already agreed to adopt Which?’s 10-point guide.
The consumer watchdog’s guide contains tips for businesses when using text messages to contact customers, such as avoiding hyperlinks where possible, not including phone numbers and protecting their SMS Sender ID so it cannot be spoofed by unscrupulous fraudsters.
Says Rocio Concha, Which? Director of Policy and Advocacy:
“Smishing attempts have risen dramatically – with fraudsters taking advantage of the pandemic to trick consumers into giving away personal details and transferring their hard-earned cash.
“Businesses must play their part to protect people from scams. Our SMS guide aims to help organisations differentiate their texts from the scammers impersonating them so consumers can more easily recognise scam SMS messages.
“We welcome the commitment by the businesses who have signed up to our guide and hope this will encourage more organisations to consider how they can better protect their customers from fraud.”