Scams are a trillion-dollar business affecting more than 1 in 4 people on the planet. They’re such big money makers that all it takes is one bad choice to let a scammer in. And with 68% of the world’s population sitting with a smart phone in their pocket, it’ll most likely happen through your phone.
In fact, fake SMS scams account for 12% of all cyber crime, with call fraud closely following at 11% (F‑Secure Consumer Market Research, June 2023). According to Joel Latto, Threat Advisor at F‑Secure: “Rather than infecting you with a malicious file, criminals are most likely to get to you using a text message or phone call. They’re just trying to get you to look at that screen and make one bad click.”
Case study: fake SMS “failed delivery” scam
Failed delivery scams that play on the expectation of gifts arriving for the holiday season have been around for years. What’s newer is that these scams are increasingly likely to arrive via SMS rather than email. Here’s how it works:
A message arrives through a fake SMS from a major delivery company that says a driver was unable to deliver a package to your residence.
Often the message comes with a link claiming to provide tracking information — but that link likely leads to an infostealer that will suck up your credentials.
A modern twist on this classic scam may even include a message from the “delivery driver” to say they can’t find your house. They may ask you to click on a link so they can find you easier, but that link could in fact install credential-stealing malware onto your device.
What should you do?
The delivery services are aware of these scams. As a result, they will likely never contact you by email or text to inform you of a failed delivery, especially during the holiday season. You can safely ignore all these messages. If you can’t resist the urge to find out more about a delivery you’re hoping to receive, check your account directly or contact the shipper without clicking on any link you’ve been sent.
Case study: bank impersonation SMS scam
Scammers are nothing if not creative. One US native lost $15,000 in a sophisticated scam where the scammer claimed to be a Chase Bank fraud investigator. And you’ve guessed it: it all started with a text.
Following a text message asking the victim whether she’d authorized $7,500 to be taken from her account, the scammer called from a number that seemed to be official. All the while, more messages arrived letting the victim know that even more money was being taken out of her account. The scammer convinced her to reset her banking credentials with him, at which point he stole her money for real.
What should you do?
Banks are all too aware of these sorts of scams. Crucially, it’s important to know that scammers can fake the phone numbers of banks. That’s why banks will never tell you to transfer money out of your account to protect yourself from fraud. Additionally, they will never ask for online banking passwords and PINs, or for you to help them with an investigation. And they will never tell you that your money isn’t safe. You are well within your rights to challenge, refuse and reject any requests if they feel suspicious.
More examples of scam text messages
There are three elements to a successful SMS scam. Firstly, scammers will impersonate familiar shopping brands, delivery companies, and banks. If they mimic large businesses, they will likely come across someone using their services.
Secondly, they keep it impersonal. Scammers don’t have time to research and personalize, so will likely spam hundreds of phone numbers with the same generic message. Be wary of any texts that don’t address you by name. Thirdly, scammers will invent situations with an air of urgency to prompt you to react without thinking.
Common scenarios that scammers create with fake SMS include
Suspicious activity on your account
A problem with your payment information
Offer of a low interest credit card
Free prize or money off your next purchase
Purchase or tax refund that you need to claim
You’re locked out of your account and must verify details
Your Apple iCloud or Google Cloud account is about to expire
A family member urgently needs help
Courtesy message to confirm a new purchase
3 tips to avoid falling for fake SMS scams
In an age when we’re promised speedy door-to-door delivery, it’s normal to feel a little impatient if our parcel hasn’t arrived as quickly as expected — and that’s where scammers get us. So, if you’re waiting for a parcel to arrive and receive a text message from what looks like UPS, DHL or FedEx, make sure to keep your wits about you. Text message fraud (also known as “smishing”) is more common than you think.
Stop and think before clicking any links sent to you, especially if you can’t verify the reliability of a sender. Reading a fake SMS can’t be used to steal your personal details, but clicking on a link in the text and sending information in response can be used for financial gain or identity theft.
Remember that scam text messages extend to instant messaging platforms like WhatsApp and Facebook Messenger. Be mindful of unprompted messages received on any platform.
Check the authenticity of a text message using our instant F-Secure Text Message Checker. Just enter the sender’s phone number and copy and paste the message — it’s as simple as that.