The rise of fraud and ‘smishing’ during Coronavirus

Cybercrime in the UK has surged since the start of the COVID-19 pandemic. Bank of Ireland has reminded customers to be extra vigilant against ‘smishing’.

Since the UK lockdown started most banks have issued statements regarding how they will be helping customers during this crisis. Strongly addressed within these, backed by an official warning from the British Government is the spike in online fraud. One type of crime rearing its ugly head is ‘smishing’ - we take a closer look.

What is smishing?

Phishing is the act of attempting to glean sensitive information by pretending to represent a trusted or legitimate source. Smishing is a type of phishing that is conducted via SMS or text and is usually personal, well written, and much more effective. 

Bank of Ireland on fighting fraudulent activity

Bank of Ireland has asked customers to be particularly vigilant during this period, “We are aware of fraudulent SMS/Emails in circulation” they tweeted earlier this month, “Please be aware BOI will never ask for any personal/online info by SMS/Email.” 

The warning was issued after a spike in phishing attempts was reported. On its website a designated security zone can be found, detailing the information they will never ask for and some top tips on keeping your bank account safe.

How can you spot a fake text?

Fraudsters will usually be after card numbers, bank account information, login credentials or general personal information. 

Here are some big giveaways that a text may be a phishing attempt:

• Check the number the SMS is coming from: is it unusually long? Is it from another country? Is the number unverified? Avoid it.

• Is it asking you to ‘verify’ your identity or payment details? Your bank will never ask you to do this over text.

• Is it pressuring you to perform the action by threatening account suspension or a fine? Your bank would not do this either.

• And finally, do not click the link. Instead, take a good look at it. Many smishing links are masked or similar versions of a legitimate website address. Anything prior to a slash or a dash in a link is the website you will be taken to - compare the one you have received to the official site address of the entity they claim to be. 

If you are unsure if you have received a smishing attempt, it is better to be safe than sorry. Contact the bank or company it claims to be, using an official number or email address. Do report it and delete it. Do not follow any link or enter sensitive information.

For more information on all topics for FinTech, please take a look at the latest edition of FinTech magazine.

Follow us on LinkedIn and Twitter.