Protecting yourself against coronavirus SMS scamsTopic: Technology
16 April 2020
Understandably the coronavirus pandemic has made many people worried about their wellbeing. Though there have been many heart-warming stories amidst the outbreak, unfortunately there has also been a growing number of scams.
Cybercriminals have been capitalising on individuals’ uncertainty and fear, and in the UK alone, there have already been over 500 COVID-19 related scams, totalling £1.6 million in losses. Many of these scams involve messages to recipients under the guise of organisations such as the NHS, WHO and even national government. These messages aim to trick individuals into downloading unsafe applications or include requests for personal information such as bank account details.
What’s more, this isn’t just a problem in the UK. Australia’s Cyber Security Centre recently urged people to remain vigilant, as it reported SMS phishing scams, also known as smishing scams, were on the rise and similar trends have also been identified in East Asia and North America.
To help tackle the growing issue, the UK government has added both UK_GOV and UKGOV to the list of restricted SMS Sender ID. Ensuring all text messages sent using these sender IDs are automatically stopped by mobile networks, and therefore are not delivered to recipients unless coming from an official channel – please see example message to the right-hand side, with sender ID highlighted for reference. This is in addition to measures networks first announced in early 2018, as part of the SMS PhishGuard initiative which introduced an official SMS SenderID Protection Registry. However, as cybercrime researcher Chris Monteiro states – “arguably, the issue is not that spoofing is easy, but that identifying a legitimate message is inherently hard.”
Helping you identify legitimate messages
As alluded above, it’s not always easy to identify a legitimate from a fraudulent message, but the below outlines a few tips which may be useful in situations where you need to make the distinction:
- Take a moment to consider the sender ID
With the exception of government and charitable groups, businesses and organisations are only able to contact you if you have opted in to receive communications. So, when you receive a message take a moment to consider whether you are expecting the message and if you previously opted in to receive these communications from the sender identified in the sender ID.
- Review the message content
It may seem obvious, but often these messages will be written in such a way to try and make the recipient panic and act quickly. Try to stay calm and properly review the message content. Is the tone consistent with other messages you have received from this organisation? Is the message asking for personal information? It’s very unlikely that a business will ask you to convey personal information via SMS.
- Contact the organisation or business directly
If you are still unsure whether the message is legitimate or not, contact the business or organisation directly and ask. A simple phone call can quickly confirm this and put your mind at rest. Just be sure to use details you either already have stored for the organisation, or those you have found online, as details within the message may be fraudulent.
Reporting SMS scam messages
In addition to following the advice above, if you do receive a suspicious SMS message in the UK, you can report it to your network provider by forwarding it to 7726. Reporting these campaigns enables mobile network providers to continually update protective protocols to protect future recipients.
If you have supplied personal information
If you believe you have provided personal information in response to a fraudulent campaign, remain calm, notify your bank and update relevant passwords as soon as possible. Thankfully many organisations can usually identify unusual activity on accounts, but it is always best to be cautious.
At Esendex we understand how important it is to help reduce spam and have always had robust measures in place. All accounts go through a four-step account verification process and we have various safeguards and filters which cover both the content and selected sender ID of all message campaigns. We are committed to working with mobile operators and staying up to date with the latest cybercrime trends to ensure we continue to protect our customers and their businesses.
If you have any concerns, or would like to find out more information please phone one of our friendly advisers on 0345 356 5758.