Reports of text message scams have jumped in the first six months of 2021, according to Which?
Such “smishing” (SMS phishing) scams often involve texts pretending to be from banks, delivery companies and phone networks.
The consumer group said figures from Proofpoint show reports of smishing in the UK increased by nearly 700% in the first six months of 2021 compared to the second half of 2020.
This has been driven by fraudsters look to take advantage of coronavirus pandemic-related shopping trends, such as people getting more deliveries to their homes, as well as the growth in businesses sending texts to customers.
Proofpoint operates the 7726 text service that enables people to report spam texts for free, and collects data on those reports categorised as smishing.
The figures suggest there is a three-to-one ratio of parcel smishing attacks to banking smishing attacks. Voicemail smishing – where scammers send a text pretending to have a link to a voicemail – is also a more recent technique.
Which? has published an SMS best practice guide for businesses to help protect their customers from potential fraud – adding major banks and delivery companies such as Barclays, TSB, DPD and Hermes have agreed to adopt it.
Since establishing its own “scam sharer” tool in March 2021, Which? has received more than 9,000 reports to the tool. Two-thirds (65%) of reports have been phone call or text scams – and 31% have been scam texts specifically.
Which? research found seven in 10 (71%) people say they do not trust text messages from companies to be free from scam risks.
The consumer group suggests that businesses should avoid hyperlinks where possible and not include phone numbers.
Rocio Concha, Which? director of policy and advocacy said: “Smishing attempts have risen dramatically – with fraudsters taking advantage of the pandemic to trick consumers into giving away personal details and transferring their hard-earned cash.
“Businesses must play their part to protect people from scams.”
The findings were released as fraud prevention body Cifas and Mobile UK warned of an increase in “social engineering attacks” on mobile phone users.
Attempts by criminals to impersonate genuine customers of phone companies and hijack their accounts have increased significantly in recent years, they said.
Facility takeover fraud, whereby an existing mobile phone account is taken over by a fraudster, has increased by 88% over the past three years in the telecommunications sector, with over 17,500 instances recorded in 2020.
Fraudsters trick people into disclosing their personal, banking and account details, often by impersonating mobile phone operators themselves and offering upgrades.
Reports have also been received of criminals using other communications methods, such social media platforms, to impersonate mobile phone companies.
Cifas’ head of fraud intelligence Amber Burridge said: “If you receive a call from someone purporting to be a mobile phone company offering you a new mobile phone or an upgrade, always be sceptical and challenge the caller.”
Gareth Elliott, head of policy and communications at Mobile UK, said: “We urge customers to remain vigilant and to help us act by texting reports of nuisance SMS to 7726, and reporting suspicious calls.”