Earlier this year, my bank texted me about an issue with my account and asked me to log in and fix it.
“Your account has been limited due to suspicious login attempts,” reads. “Follow the link below to restore your online access now.” “
The text included a shortened link that took me to the bank’s login page. There was the bank’s name and logo at the top, a familiar input box for the username and password, and a bland but pleasant background image of a beach. Nothing seemed out of place and everything was the same as what I was used to seeing, right down to the fonts on the page.
How to avoid SMS fraud
- Use text service platforms. Companies are carefully vetted before they can send mass emails.
- Use models. Templates provide consumers with consistency and can alert them when something is wrong.
- Give consumers options. Empower consumers to receive communications over more secure messaging apps.
- Educate consumers. Let customers know in advance what types of communications they can expect – and what to watch out for – via SMS.
I didn’t enter my information on the page, of course. This is mainly because my bank had previously warned me that it would not ask for personal information by SMS. So I knew the post was probably a scam. Sure enough, on closer inspection, the web address at the top was unfamiliar and the links to reset username and password didn’t work.
If I had entered my information, whoever was really on the other side could have retrieved my credentials and accessed my account.
SMS scams can have indirect repercussions
Digital fraud is becoming more common and falling victim to it can be as easy as clicking the wrong link in an email or text message. In 2020, more than 300,000 cases of text messaging scams were reported in the United States, for a total of $ 86 million stolen from victims.
Beerud Sheth, co-founder and CEO of messaging platform Gupshup, thinks a lot about SMS scams. His company helps other businesses, such as banks and e-commerce retailers, send text messages to their customers, typically to communicate information about recent transactions and delivery times. Although SMS scams do not directly affect his business, the consequences of a widespread practice can indirectly affect his industry.
âThe health of this courier industry is very important to us,â said Sheth. âI think businesses and consumers need it to engage and connect, and we want to allow that as much as possible in the freest way possible. So the only way to do that is to reduce these issues at the ecosystem level. “
In India, stock tip scams are a common method of SMS scams. Scammers send out fake stock trading advice and trick users into buying fake stocks, forcing regulators to step in and impose restrictions on corporate messaging, Sheth said.
“These regulations come with severe penalties,” he said. âAs this happens, many use cases of banks and brokerage houses are restricted. In general, this affects the whole ecosystem.
Take advantage of text service platforms
Businesses send SMS communications because getting SMS updates is convenient for most users. Although SMS scams do not originate from the businesses themselves, the scams masquerade as businesses, which can affect their users and the business itself. Fortunately, there are ways to make SMS scams less likely to affect a business and its users.
One change is to use SMS service platforms to manage and send SMS to customers. SMS services have built-in protections that prevent malicious texts from reaching consumers.
âThere are very strict compliance requirements to get an account on Gupshup,â Sheth said.
“Going through a platform like ours is really difficult because of all the checks and balances, and even if someone abuses that, it can be traced.”
SMS services verify that businesses that send bulk SMS are legitimate businesses. Companies must provide incorporation documents and go through a certification process before they can send messages.
âWe do additional checks and balances before messages pass through our system,â said Sheth. âBecause even in large companies there is sometimes a software error. Imagine if a business sent 100 messages to a single user, you’ve had this kind of problem in the past. “
Text service platforms also check common scam keywords and block these messages as well as offensive messages. If sent, these platforms can view their data and report on the originator of those messages.
Give customers consistency by using SMS templates
Therefore, SMS scams do not usually come from text messaging services. On the contrary, Sheth said, they are sent from “SMS farms” – vast collections of email accounts bought by crooks to send messages to large numbers of people.
SMS farms exist because mobile operators limit the number of messages that a single account can send by itself.
“[Scammers] say, ‘Okay, we’ll have hundreds of cellphones,’ âSheth said. “In fact, in some advanced tools, you don’t even need the physical phone itself, you just need the SIM card.”
This type of mass messaging technique is difficult to master, and hundreds of SIM cards together can send thousands of messages, bringing scam operations to scale.
But businesses can adopt messaging methods that train end users to be harder to trick. A common practice in the industry is to use templates to standardize messages for each company, Sheth said, so customers know what kind of wording to expect from companies.
Templates generally work in conjunction with text services. Once a company’s models are approved, the company can only change certain predetermined aspects, such as dollar amounts on invoices and the names of products purchased. A typical template might start with “Your account balance is …” and have placeholders where the business can insert data later.
When businesses use standard formats, customers can be more aware when a message reads differently than normal. Businesses can have multiple templates for different purposes like billing notifications or confirmation emails after users have made online purchases.
Send SMS using more secure channels
Businesses can also offer users the option of receiving text messages through messaging applications that provide more sophisticated security features. This step has the potential to add many layers of protection for consumers, but progress has been slow so far.
âThe messaging app on most devices is controlled by the device manufacturer,â Sheth said.
âIf you think of the reception app, this is usually a very basic default app that is available on most mobile phones. And this app has no built-in intelligence.
It’s a shame because adding more security features to apps is one of the best ways to protect against the possibility of falling victim to SMS scams. Some apps, like WhatsApp, which can be used for text messaging between users who both have WhatsApp accounts, have green check marks to show that sender accounts are verified.
A more sophisticated text messaging app may also have its own built-in filters to detect and block fraudulent messages. This is actually an ability that Gupshup is developing. The company has partnered with device makers like Xiaomi and OnePlus to bring additional security features to text messaging, such as AI capabilities to categorize different types of messages and eliminate scams, Sheth said. . The growing adoption by users of security-conscious communications apps like Signal and Telegram suggests that this could be the direction consumers will be heading in the future.
Communicate with customers on what texts to expect
Many regulations already exist in the industry for mass SMS communication, but many regulations focus on controlling spam rather than scams, Sheth said. Regulations vary by country, but generally messages are classified into two types: transactional and promotional. Transactional messages, like order updates and shipping notifications, have a lot of leeway, while promotional messages, like those asking users to sign up for new products, have a lot more restrictions. Usually, users must register to receive promotional messages.
Whether it is for transactional, promotional or other purposes, companies can always help their customers detect possible fraud by explaining in advance how and when they can expect to receive SMS communications. If customers know that their bank will not send them SMS connection links, they will know how to avoid these types of messages. Sheth said businesses and consumers are already learning some conventions of SMS messaging.
âBusinesses have learned from different countries and different telecommunications regulations,â he said. “So it’s a lot more manageable today than it used to be, but everyone has to be very vigilant.”