Top Up Pay Bill

SMS Phishing and SMS Fraud: if it walks like a duck, it might still be a cow

Thursday, September 30, 2021 by Melita

SMS Phishing and SMS Fraud: if it walks like a duck, it might still be a cow

Let’s face it, waiting for parcel delivery is always exciting and we can grow pretty impatient waiting for that knock on the door, but, as excited as you might get waiting for your 12th selfie stick to arrive, never open an SMS asking you for payment to release your package.

What is SMS Phishing and SMS Fraud?

Phishing is a highly sophisticated form of cybercrime in which the attacker poses as an institution that is known or familiar to you. They usually take advantage of an existing situation, in this case, your excitement to receive your new selfie stick, to steal sensitive information such as credit card information, login credentials, or even your contacts’ numbers. Although phishing attacks can happen via email or voice call, in recent months, SMS Phishing seems to have grown in popularity, especially in Malta. In fact, we’ve heard of several reports of fraudsters impersonating local entities, such as MaltaPost and our very own Melita Ltd.

Here are some things to remember and look out for:

Hot topics burn…your pocket

Fraudsters tend to take advantage of something that’s happening to you or to your community. At the moment, it’s likely to be something related to COVID-19. For example, they could pretend to offer you information relating to wage supplements, test results, or your vaccination certificate. But before imparting the information you want to receive, they will ask you for passwords or other sensitive data. Don’t fall for it, take a minute, and check if the source is truly genuine, and then check again. 

Against the odds

A trustworthy organization is unlikely to send a website link via SMS, so if you receive one, it’s probably from some upcoming cyber thieves hoping that you will pay for their next trip to Ibiza.  

You can’t win it if you’re not in it  

If you’re asked to ‘claim a prize’ remember that you cannot possibly win anything unless you’ve entered a contest! 

The devil is in the detail

Always keep a lookout for the name and number the SMS is coming from. For example, an SMS from Melita will always show ‘MELITA’ as the sender, not ‘SMSS’, ‘Melita-G000’ or ‘MLT’. 

It’s not a game, not really

Online mobile gaming apps can be fun and exciting, but many are being used to inflate and generate a high number of international SMSs from the victims’ phones. Do not engage!

Fat chance 

If a link from a website takes you to a messaging app, do not hit send. Simply close all windows and exit the app. If you don’t, get ready for a shocking bill the next month.

They’re official for a reason

Never download mobile apps from a non-official store (the only official stores or App Store for Apple and Google Play for Android). 

It’s never as urgent as it sounds 

May fraudsters will put a deadline on their request. For example, they’ll give you a few minutes to click on something to claim a prize, or not to incur a charge. Remember that a sense of urgency is one of the biggest reasons people fall for such scams. So, calm down, take a breather, and check things out by calling the organization that the sender claims to be, using their official numbers, not the numbers sent to you via SMS.

Sh**t happens! If you do become a victim of SMS Phishing, report the crime to the cybercrime unit and freeze any bank accounts related to your device. Change passwords and account pins to be safe and warn your contacts not to fall for the same scam. Next time, you will do better.