Smishing. What is it?

5.12.2022

We want to bring to your attention a significant rise in Smishing attacks that the mobile networks are seeing. Read on to find out how you can recognise a Smishing attack and what your business can do to help prevent them.

What is Smishing?

Smishing is when fraudsters use SMS to impersonate a trusted organisation in an attempt to steal an end user’s personal information, typically by tricking the end user into clicking a link within the SMS.

Why is Smishing a risk for the Channel?

For a Smishing attack to be effective, the fraudsters require the ability to send high volumes of SMS. By utilising automated means, such as a SIM Gateway, fraudsters can send thousands of SMS in a short period of time. The speed with which the messages are sent can make it difficult for the networks to identify and bar the offending SIMs in time to thwart the Smishing attack.

The Fair Use Policies enforced by the networks exclude any fraudulent usage, as do the Mobile Bill Limits and Spend Cap regulations. Therefore, the networks will charge for any and all usage identified as fraudulent, which can run into thousands of pounds, leaving the Partner liable for the outstanding charges.

We are aware that most of the customers our Partners transact with are legitimate businesses, but scammers may use real company details to fraudulently obtain SIMs.

We want to encourage Partners to remain vigilant. The list below is a reminder of some of the checks you can make to help mitigate risk.

  • Fraudulent activity generally comes from the scammer proactively making contact to sign up for a new service. Is the inbound sales request genuine?
  • Ask the customer to send you two identity documents, e.g. passport, proof of identity with picture.
  • Meet the customer in person before sending out the SIM cards.
  • Ensure the customer has provided a main landline number and not solely a mobile number. Call the number and speak to the contact via the switchboard.
  • Question any ambiguities on Companies House, e.g. inconsistent stakeholder names.
  • Check the customer's business address on Google Maps. What type of area is the company in, e.g. residential, industrial park?
  • If a new customer provides a delivery address that is different from the company address, probe for further detail or reject it altogether.
  • Check the customer’s email address. Does it look like a genuine business email address?


Please refer to Mobile Tariff Guides for further detail on Fair Use Policies.

More information on the Mobile Bill Limits regulations can be found in the Mobile Bill Limits and Spend Caps PDF stored in the Product section of iBillie.