The majority of UK SMS phishing (“smishing”) fraud attempts come through parcel delivery texts.
Millions of mobile users have received the texts that claim a small payment is needed for a package delivery to be completed purporting to originate from the likes of the UK Post Office, or other delivery organisation.
Unfortunately, these texts are a front for fraudsters attempting to steal personal banking details and, sadly, many have fallen victim.
Impersonation
Smishing is a technique that criminals use to target consumers with texts impersonating trusted organisations.
Recent research had shown that that over a 90 day period to mid July 2021, some 53% of these smishing attempts were said to be from delivery organisations. This compared with 23% of text messages claiming to be from banks or other financial institutions.
During the most recent 30-day period, some 67% of these scams were delivery organisation text messages.
Criminals are experts at impersonating a range of organisations and have capitalised on the pandemic, knowing that many of us will be ordering goods online and awaiting parcel deliveries at home.
Sender Name Registry
The problem is made even worse when an actual name appears as the sender giving the impression of even more authenticity.
With this in mind there are some actions being taken by the mobile phone industry to mitigate this slightly. The SMS SenderID Protection Registry allows organisations to register and protect the message headers used when sending text messages.
The Registry limits the ability of fraudsters to send messages impersonating a brand by checking whether the sender is the genuine registered party.
This will certainly help, but will not solve the problem as many unsuspecting victims still click or follow the link within the text message even when only a phone number is shown.
Is your organisation highly effective at tackling cyber security issues, including smishing, faced by businesses around the globe daily? Find out in our Free 14 day trial today.
