Staying safe online
Social engineering
Smishing
‘Smishing’ is a form of fraud that usually arrives as a text message that looks like it is from a reputable company and tries to get you to do something.
An example is when you get a text that looks like your provider has sent you a message asking you to update your details.
They are often from a premium rate number or site that will share or sell confidential information. As you can tell from the examples, they vary slightly, and on one you can clearly see that the actual provider is ‘o2’ but the text from a mobile is allegedly from ‘EE’. Be vigilant.
Smishing messages can be convincing, and it is very easy to mistake them for genuine messages.
Signs to look for with social engineering:
- Spelling Mistakes: Careless spelling mistakes can be a clear sign something is not quite right, so keep an eye out for them
- Claims that your account is in danger: Messages that usually tell you that there is an urgent issue with your account, saying if you don’t act now, your account will be terminated, suspended, or blocked. Fraudsters want to worry you and hope that you will follow their instructions
- They may say you have won something or indicate you have a chance to get an exclusive offer, hoping that you will be so excited that you will do whatever they have asked you to without thinking.
- If it looks too good to be true then it probably is.
If you get a suspicious message, don’t worry too much, as receiving one won’t affect the security of your personal information or your device. For the scam to work, you would need to follow the instructions provided within the message.
So remember:
Check the sender email address in an email: hover the mouse cursor over the email address shown in the sender box. If the email address has been spoofed, this should show the email address the message has actually come from. Be aware, though, that this function can be overridden, and you may need to check the email header data to confirm the source email address. If the email looks suspicious in any way, do not open any links, and forward it to the phishing department of the organisation the sender is pretending to be from.
Check that the email address shown is an organisation’s correct email address and has not been spelt incorrectly, such as @c0lchester.gov.uk (the ‘o’ has been changed to a ‘zero’) instead of @colchester.gov.uk. Often, phishing emails will be sent from an email account similar to a genuine company email address, for example police@gmail.com or police@yahoo.com, rather than a genuine organisation’s account.
Do not click on any links. And think about it, would the supposed sender really contact you like this? Most companies wouldn’t ask you to confirm sensitive information over text and would never ask you to confirm any personal or confidential data in this way.
Do get in touch with the company it is supposed to be from. They will let you know if it is a genuine message or not.
Many companies have a number that you can forward the message to for them to then investigate the scam. You will probably receive an automated response thanking you for the report and providing any further instructions that may be needed.
Responding to these messages may lead to you being targeted again, so it is always best to either ignore it, or forward it and delete it.
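The sender-address checks described above (a misspelt domain such as @c0lchester.gov.uk, an organisation's name on a free webmail account, and header data that disagrees with the visible sender) can be automated. The following is an added example, not part of the original page; the function names, the trusted and webmail lists, the character map and the sample headers are all assumptions made for illustration.

```python
import email
from email.utils import parseaddr

# Assumptions for this example: the trusted domain comes from the text above;
# the webmail list and the confusable-character map are small illustrative sets.
TRUSTED = {"colchester.gov.uk"}
WEBMAIL = {"gmail.com", "yahoo.com"}
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def check_sender(raw_message, claimed_org):
    """Return a list of warnings for one raw email (headers are enough)."""
    msg = email.message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    warnings = []

    if from_dom not in TRUSTED:
        # Lookalike: domain only matches a trusted one after undoing swaps.
        if from_dom.translate(CONFUSABLE) in TRUSTED:
            warnings.append(f"lookalike domain: {from_dom}")
        # Organisation name used on a free webmail account.
        if from_dom in WEBMAIL and claimed_org.lower() in (display + addr).lower():
            warnings.append(f"'{claimed_org}' sent from free webmail: {from_dom}")

    # The visible From can be forged; compare it with the envelope sender
    # (Return-Path) and with where replies would go (Reply-To).
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(header))
        if other and other != from_dom:
            warnings.append(f"{header} domain {other} differs from From {from_dom}")
    return warnings


# Constructed sample headers, not a real message.
SAMPLE = (
    "From: Colchester Council <accounts@c0lchester.gov.uk>\n"
    "Return-Path: <bounce@mailer.example>\n"
    "Subject: Urgent: update your details\n\n"
)

if __name__ == "__main__":
    for w in check_sender(SAMPLE, "Colchester"):
        print("WARNING:", w)
```

A Return-Path or Reply-To mismatch also occurs in legitimate bulk mail, so treat that warning as a prompt to look more closely rather than as proof of spoofing.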
These types of messages are designed to be convincing, so anyone can fall victim to one. If you have responded to a message that you think is suspicious, then here are some steps you could take:
- Change your passwords: Do this as soon as you can for things like your phone account, online banking, and email address
- Contact your bank: It is a good idea to get in touch with your bank just to make them aware so that they are able to monitor your account and advise you of the best course of action to take.
- Contact your phone provider: If you think your account has been compromised, then let your phone provider know as they will set up a security alert for you.
- Check your phone provider’s ‘Fraud and Security’ page for further information on how to deal with smishing.
For more information on how to spot and report scam emails, texts, websites and calls, you can visit the National Cyber Security Centre.
Page last reviewed: 25 July 2021