SMS Scams Impact Banking Security

March 28, 2016

The techniques used by hackers to defraud bank customers and steal cash have been unveiled in a recent investigation by the BBC Radio 4 consumer programme You and Yours, with the exploitation of SMS messaging being the latest issue that businesses must overcome.

This ties into the rise of banks using SMS as a form of authentication for people using their online services. And these so-called ‘smishing’ attacks have been proven to be surprisingly effective, with NatWest shown to be susceptible to this type of malicious activity, according to SC Magazine.

SMS Scams Impact Banking Security

Hostile Takeover

Hackers can hijack mobile devices from legitimate users and then take advantage of this situation to gain control of their bank accounts, siphoning money and stealing personal information in the process.

In the aftermath of the investigation, which involved journalists successfully deploying smishing techniques via SMS, NatWest spokesperson Chris Popple said that the bank would be taking action to prevent such issues arising in the future.

Popple admitted that the issue of SMS fraud is not just something that banks are having to tackle and that is having an impact across a range of industries. And so businesses which rely on communication with customers via SMS must consider the security implications of doing so, ensuring that they harness safe, well-protected email to SMS services.

Learning Curve

Examples of smishing scams provided by Action Fraud UK have given bank customers an idea of the kind of message they might receive as a result of a malicious third party attempting to compromise their account. And perhaps unsurprisingly, the biggest clue that an SMS is not genuinely from a bank but instead has been sent by a scammer is the quality of the spelling and grammar.

The same tell-tale signs of fraudulent behaviour are present in phishing emails, with which millions of consumers will be familiar because of their ubiquity.

Add to this the fact that banks and other businesses will never ask customers to provide details relating to their PIN and other sensitive information via SMS, and it should be relatively simple for customers to spot scams and avoid being duped by them.

But cyber-criminals play on the fears of their victims in order to extract information and hijack accounts, which is why financial organisations have been targeted along with recent incidents of smishing and phishing involving HMRC.

Security experts have pointed out that while the technologies involved in committing fraud have changed, the techniques deployed by scammers are fairly consistent, especially when it comes to tricking individuals. And in general, it is easier for cyber-criminals to convince someone to part with sensitive data using smishing and social engineering than to launch a direct hack against secure accounts.

Some industry observers believe that more needs to be done by network providers in order to ensure that SMS communications are properly filtered, preventing scam messages from getting through to users and keeping them out of harm’s way. And since SMS communication is still an important marketing tool for businesses, this needs to be carried out with care.