Each smishing attack uses similar methods, while the presentation may vary significantly. Attackers can use a wide variety of identities and premises to keep these SMS attacks fresh.

Typically, an attacker will claim there is an error with your account and give you steps to resolve it. The request can be as simple as using a fraudulent login page, while more complex schemes may ask you to provide a real account recovery code in an attempt to reset your password. Warnings of a support-based smishing scheme include an issue with billing, account access, unusual activity, or resolving your recent customer complaint.

How do these attacks usually happen?

SMS phishing attacks primarily spread uninterrupted and unnoticed due to their deceptive nature. Smishing deception is enhanced due to users having false confidence in text message safety.

Firstly, most people know about the risks of email fraud. You’ve probably learned to be suspicious of generic emails that say “Hi—check out this link.” The exclusion of an authentic personal message tends to be a substantial red flag of email spam scams.

When people are on their phones, they are less wary. Many assume that their smartphones are more secure than computers. But smartphone security has limitations and cannot always directly protect against smishing.

Another risk factor is that when you’re on your smartphone and on the go, often you’re distracted or in a hurry. This means you’re more likely to get caught with your guard down and respond without thinking when you receive a message asking for bank information or to redeem a coupon.

Regardless of the means being used, these schemes ultimately require very little beyond your trust and a lapse in judgment to succeed. As a result, smishing can attack any mobile device with text messaging capabilities.

Gift Smishing

Gift smishing suggests the promise of free services or products, often from a reputable retailer or other company. These can be giveaway contests, shopping rewards, or any number of other free offers. When an attacker elevates your excitement by proposing the idea of “free,” this serves as a logic override to get you to act faster. Signs of this attack can include limited time offers or exclusive selection for a free gift card.

Invoice or Order Confirmation Smishing

Confirmation smishing involves a false confirmation of a recent purchase or billing invoice for a service. A link may be provided for a follow-up to manipulate your curiosity or prompt immediate action to trigger fear of unwanted charges. Evidence of this scam may involve strings of order confirmation texts or the absence of a business name.

Customer Support Smishing

Customer support smishing attackers pose as a trusted company’s support representative to help you resolve an issue.

Recognising an attack

As with phishing attacks, spotting smishing attacks isn’t always easy. Look for something that’s off or unusual. Here is some advice when receiving a suspicious text:

At present, Bank of St Helena do not use SMS texting to contact customers.