Smishing is a type of cyber-attack where the user is baited via a text message (SMS) on their devices. It is meant to deceive the user by handing over personal information either through a malicious link being clicked or malware being downloaded onto the device. Fraudsters send these messages to make it seem like it is from a legitimate source, such as banks, the post office, government, services providers, or retailers. They typically contain messages that appear to be urgent or enticing so that users can take immediate action.
According to the South African Banking Risk Information Centre (SABRIC), fraudsters primarily employ smishing (SMS phishing) as their preferred method to acquire confidential information through mobile banking channels, in South Africa. Due to this alarming stat, it is more reason to be aware of what the latest smishing tactics are:
Bank text
The banking scam never gets old, but you should never let your guard down. No bank will ever SMS to ask you to verify your details, login information, RICA documents, or anything relating to your account. It is advisable to call your bank immediately to confirm if they tried to contact you, if you cannot be sure. Otherwise, type the bank’s URL into your browser first to go into your account.
Courier notification
As we approach the holiday season, do not be scammed by messages from the post office or private courier companies that you need to pay import duties or an outstanding amount before your parcel is released. It may look legit or seem sophisticated, but this would be disastrous for you to input your banking details anywhere. As always, call the company to confirm if its real or not.
Password reset
We all have multiple online profiles across various service providers. Be extra vigilant if you receive password reset notifications. It could be a way to trick you that someone else is trying to access your account and for you to urgently put a stop to it. Make sure you have two-factor authentication turned on and ignore these messages – delete it immediately.
Tax Season
This is quite common in South Africa, where fraudsters pretend to be the South African Revenue Service. Even if you haven’t yet paid your taxes yet, do not fall for these scams. SARS themselves warn you not to click links sent to you about urgently paying back them money. The best way to verify is to go into your eFiling profile by typing the URL out yourself into a web browser or contact the call centre to verify.
Competitions
Another common scam arguably related to current events is telling you that you won a competition, and you need to input your details to claim the prize. Think about it first, whether you entered a draw or not, you will never be asked to click a link – it will most likely be a telephone call.
Remember, never click links sent over SMS, email, Whatsapp or DMs, even from friends and family – check first if they’ve been impersonated.
