Reports of "smishing" text message scams in the UK have risen "dramatically" in the first six months of 2021, consumer group Which? said on Tuesday.
Figures from spam text service Proofpoint show the attacks in the UK increased by nearly 700% in the first six months of 2021 compared to the second half of 2020.
Which? said the exponential rise has been driven by fraudsters look to take advantage of coronavirus pandemic-related shopping trends, such as people getting more deliveries to their homes, as well as the growth in businesses sending texts to customers.
What is a smishing scam?
Smishing is essentially the text message equivalent of phishing.
Whereas phishing uses emails to trick victims into giving personal information such as online passwords or credit card numbers, smishing uses SMS text messages.
Smishing messages frequently purport to be from banks, delivery companies and phone networks.
The latest Proofpoint figures show so-called parcel smishing attacks are outnumbering banking smishing attacks in the UK by a ratio of three to one - reflective of the pandemic-induced rise in e-commerce.
A more recent technique is voicemail smishing where scammers send a text pretending to have a link to a voicemail.
Business stages smishing fightback
Which? has published an SMS best practice guide for businesses to help protect their customers from potential fraud. Major banks and delivery companies such as Barclays, TSB, DPD and Hermes have agreed to adopt it.
Since establishing its own "scam sharer" tool in March 2021, Which? has received more than 9,000 reports to the tool. Sixty-five per cent of reports have been phone call or text scams - and 31 per cent have been scam texts specifically.
"Smishing attempts have risen dramatically - with fraudsters taking advantage of the pandemic to trick consumers into giving away personal details and transferring their hard-earned cash," said Rocio Concha, Which? director of policy and advocacy.
"Businesses must play their part to protect people from scams."
He advised businesses should avoid hyperlinks where possible, and not include phone numbers.
Five ways to prevent smishing attacks
Reassuringly, Which? research found seven in 10 people said they do not trust text messages from companies to be free from scam risks.
There is also plenty of advice circulating to help people and businesses prevent smishing attacks.
The University of Hawai'i Federal Credit Union has compiled these five pointers.
1. Don’t reply to the text message or call the number.
2. Do a web search of both the number and the message content.
3. If the phishing message is spoofing a company, call the company directly.
4. Don’t click on any links in the message.
5. Utilise a VPN on your mobile device.
'Social engineering attacks' rise 88% in three years
The Which? findings were released as fraud prevention body Cifas and Mobile UK warned of an increase in "social engineering attacks" on mobile phone users.
Attempts by criminals to impersonate genuine customers of phone companies and hijack their accounts have increased significantly in recent years, they said.
Facility takeover fraud, whereby an existing mobile phone account is taken over by a fraudster, has increased by 88 per cent over the past three years in the telecommunications sector, with over 17,500 instances recorded in 2020.
Reports have also been received of criminals using other communications methods, such social media platforms, to impersonate mobile phone companies.
"If you receive a call from someone purporting to be a mobile phone company offering you a new mobile phone or an upgrade, always be sceptical and challenge the caller." said Cifas' head of fraud intelligence Amber Burridge.