Smishing (SMS Phising) - Cyber Crime Alert

10th Apr 2017

Hopefully, by now, most of us will be aware of and – with any luck – wise to ‘phishing’ email messages, web-links or suspicious phone calls.

Whether having learned the hard way, or through the misfortune of others, we know not to click links in suspicious emails and to treat correspondence from banks, government departments or competition ‘wins’ with upmost scepticism.

What is Smishing?

‘Smishing’ or SMS Phishing is essentially the same as traditional phishing scams, only would be cybercriminals use your cellular phone or other mobile device as a conduit to gain access to your precious data or to offload a virus or malware.

So, the obvious course of action is as simple as it is effective – ignore anything even remotely odd received via SMS…especially if it appears to have come from your bank or building society.

If only it were that easy!

Ignorance is our weakness

As a relatively new phenomenon, Smishing is at its most potent when the majority of potential victims (all of us) are casually unaware.

This was shown to be true last month (March 2017) when three Santander customers where hit by Smishing fraudsters who got away with nearly £40,000.

Another story emerged in February of a Santander customer who lost his life savings in an incident where mistakes were made by the bank as well as the unfortunate victim. Read More!

Ingeniously deceptive

The one element of Smishing attacks which are somewhat ingenious – in the most heinous way of course – is that, unlike fraudulent emails, smishing SMS messages use number spoofing tactics and viruses to appear in existing message threads.

Most of us will be used to receiving the odd text message from our bank so it’s hardly a stretch to imagine a new message in an genuine thread slipping through the net.

What’s the worst thing about Smishing?

As the number of public Santander victims have found out, due to the ‘compliant’ nature of a Smishing attack, with victims essentially authorising fraudsters to access their accounts, the bank is not legally obliged to reimburse any lost funds.

An absolute nightmare situation, I think you’ll agree.

What’s your best form of defence?

The answer really is simple – just do the following and we’ll all be as safe as the days when we kept our cash in a mattress in the spare room…


The only way to be sure that correspondence from our banks or other authorities, such as the HMRC – I recently received and email altering me to a tax rebate I was apparently owed…too good to be true! –  is genuine, is to call official numbers and enquire.

Assumptions of legitimacy are the mother of all mistakes...

You’re much better and safer to assume that the well-dressed salesman at your door has a shed-load of snake oil to get rid of!

What Next?

If you are planning to deploy an enterprise-grade wireless network or are experiencing problems with a existing setup, please feel free to contact Ensign Communications for a chat with our technical team.