Rohit Roy (name changed), works as a field executive in a small town of Assam in India. He uses internet for basic activities such as connecting with his family & friends, send daily updates to his branch manager through email and sometimes uses internet banking for online shopping or to transfer funds to his relatives in different state.
On 10th of October 2015 he receives an sms from his bank with a link asking him to update his account information within few hours or his account will be closed. Without wasting a second, Rohit follows the link in the sms, opens a page which is similar to the bank website and fills all the confidential information asked in the page such as Name, Date of Birth, PAN card, Debit/ATM card info and internet banking username & password.
Within few hours of filling the form, Rohit again receives an SMS from his bank that he has made a transaction of INR 60,000 on his Debit Card. Confused with the sms he calls the bank customer care to inquire about the sms. The customer care executive confirmed about the transaction which was true but since it was not Mr Rohit who had made the transaction he got bewildered.
He then called the bank customer care again to get his card and net banking blocked.
Mr Rohit may have probably blocked his bank details to prevent any further unauthorised transaction but will he be able to recover the 60,000 INR which he just lost.
Lets see why Mr Rohit lost his hard earned money and how you can prevent yourself and your society from being a victim of SMS Phishing.
What is SMS Phishing or smising?
SMS Phishing or smishing, is an criminal activity which involves the act of acquiring confidential & personal information such as card details, personal details or passwords by acting as a trustworthy entity and sending text messages. Links or email ID’s are usually sent in such messages where personal information are requested.
SMS can be in the form of notifications from trusted sources such as financial institutions, operators, leading companies providing jobs or lottery notifications where users are asked to act or respond quickly.
Some examples of SMS Phishing are:
How to Protect yourself from SMS Phishing?
Since Fraudsters send sms with the motive to acquire your confidential information and use it for their financial gain, the best way to prevent yourself from being a victim is to educate yourself with the latest tactics used by fraudsters and stay alert.
Below are some tips you can follow and share with your community to stay safe.
- Do not click links within text messages if you receive from unauthorized sources. Remember financial institutions never send messages asking for any confidential information.
- If you receive message from banks or other financial institution asking for your personal details, call the bank directly instead of replying to messages.
- Do not share OTP (one time password) required for making internet banking transactions with anyone.
- If a text message is asking you to act urgently, stop and think about it. Remember that criminals use this as a tactic to get you to do what they want.
- Do not fall for messages related to lottery winnings or loan offers. This are tricks used by fraudsters to deceive innocent people. They usually ask for advance money to process the loans or send you the lottery amount.
- If you receive a JOB/EMPLOYMENT SMS notification, verify it directly from the official sources such as official website of the employer. Never pay any advance money for interviews.