The number of smishing attacks in Romania increased more than six times in 2023 compared to the previous year, according to an internal analysis conducted by sendSMS. In the first months of this year, 75% of smishing cases attempted identity theft by using a custom tag (sender’s name) to mislead users that messages are sent by various companies.
Globally, 39% of consumers experienced at least one attempt of SMS scam in 2023, according to a study by the Mobile Ecosystem Forum (MEF), a trade association in the telecommunications industry.
Smishing frauds target the banking, courier, and telecommunications industries
Smishing attacks are similar to phishing attacks, but use SMS messages to deceive potential victims. In most cases, users need to access a link and go to a fake website, created specifically to steal confidential details (such as card data or bank application credentials). In other cases, users are tricked into installing malware on their mobile devices.
“In order to prevent and block attempted fraud, in addition to the internal actions and functionalities of Home’Bank, we continuously collaborate with the authorities and various providers, such as sendSMS. Most frequently, customers are manipulated to voluntarily give their card or user data, password, and OTP (one time password) codes, after receiving alarming messages or messages that promise them impressive gains. sendSMS filters daily smishing attacks and alerts ING to block fraudulent messages, before being sent on behalf of the bank. We enjoy this collaboration, which further helps us to be proactive and protect our customers’ data.
We continue to innovate to prevent fraud, and this year we launched the geolocation solution, which can block transactions originating from other geographical areas. The option can be activated very easily, from the Security and Login menu in Home’Bank,” said Alin Becheanu, Head of Fraud Monitoring and Prevention, ING Bank Romania.
According to sendSMS analyses over the last three years, most smishing scams in Romania target the banking sector (56%), the courier industry (25%) and telecommunications services (15%).
“sendSMS has developed a high-performance anti-smishing system for automatic filtering of malicious content and blocking it, before reaching the networks of phone operators. In addition, as another safety measure, certain operations are executed manually by cybersecurity experts. Last year, we identified more than 2600 smishing attacks, of which we blocked 94%. During the first three months of this year, 100% of smishing attempts were blocked.
Part of our strategy includes increased focus on suspicious web areas, following them in a wider network and analysing potential links. We are also vigilant in monitoring online resources that make it easier to send SMS messages anonymously. A detailed analysis of the content, style and other features of the smishing messages contributes to the continuous improvement of our filtering systems. Through these methods, we constantly adapt to anticipate and counteract the evolution of the tactics used by the attackers in the field of smishing. So, we make sure we are proactive and we are aware of the new patterns of the attackers,” added Liviu Baltoi, Cybersecurity Consultant and Founder, sendSMS.
5 Tips from ING & sendSMS for preventing smishing fraud:
Beware of the sender of the message! Companies that use SMS communication and marketing use a sender ID, which means that the sender will display the company name instead of a phone number. This sender ID is checked and implemented following a procedure similar to the OSIM brand.
Compare messages you receive that appear to come from the same source before you take action. When something looks suspicious, contact the sender on a different communication channel!
Do not respond to urgent or threatening messages. Attackers try to create a sense of panic or pressure, in order to distract you from the elements that would help you realise that it is an attempt at smishing.
Moreover, if the messages have grammatical errors, it is an indication that the text has been translated automatically and that it is a phishing scam. Call the phone number on the back of the card or go to an ING Office to clear up any misunderstanding.
Never install programmes on your phone or perform banking operations, following requests made through messages. For example, the bank will never ask you to install a programme to update your data. If you receive an SMS with a link to pay online a parcel or any other reason, do not follow up on this, because there is a good chance that fraudsters will actually want to obtain your bank card data.
Please note that organisations in the financial-banking field will never send you messages containing links to update or verify your authentication or personal data.
Pay attention to the web pages where you are redirected. Is the domain name correct? Is the layout of the site suspicious? Do the texts on the site contain many mistakes or have a robotic language? Enter the bank / company’s website directly from your browser, not by clicking the link in the SMS. Use a cybersecurity solution to protect your phone, tablet, or laptop.
If you clicked on a malicious link, reset your phone to the original factory settings. If you’ve downloaded a malware app to your phone, don’t access the banking app before resetting your phone. Then reset the internet banking application password. Check for suspicious transactions and contact your bank to notify the malware attack.
The post ING Bank & sendSMS: pay attention to incoming messages appeared first on The Romania Journal.
