There’s never any shortage of bank scams these days – from basic phishing emails to sophisticated card reader machines attached to ATMS. Now, Action Fraud, the UK’s fraud and cyber crime protection centre, is warning of a new scam targeting NatWest customers.
Known as ‘smishing’, the scam sees criminals place fake texts within an existing message thread – this makes those fraudulent SMS messages look like they’ve been sent by the bank itself. As far as the unsuspecting customer is concern, any link contained within the thread is genuine; in other words, if you don’t know about it, this scam is virtually undetectable.
By clicking the link, you’ll be taken to a replica of the NatWest, where you’re encouraged to give up your banking details – including your personal data and PIN number – under the pretext of ‘security’.
The criminals behind the activity don’t stop there, either. Action Fraud had reported cases where the fraudsters have later contacted their victims by telephone, pretending to be calling from the bank’s security team. In one such case, a women was defrauded of £130 after ignoring a fake text message. The criminals then contacted her, sent an apparently genuine six-digit security code via the bank’s SMS number, which convinced the victim to hand over her details.
NatWest say they’re currently investigating the issue – although it’s worth noting that even those who bank elsewhere have also been targeted, in what looks to be like a fishing exercise for the criminals.
In light of the ‘smishing’ reports, an Action Fraud spokesman said:
‘Fraudsters will send you a text message that asks you to reply with your personal or banking details, or to call a premium rate number they have created to run up a large bill. This is called ‘smishing’ – contact like this is designed to convince you to hand over your details or your money. Don’t assume anyone who’s sent you a text message is who they say they are. If a text message asks you to make a payment, log in to an online account or offers you a deal, be cautious and report is to Action Fraud online.’
‘Smishing’ is another in a long line of communication-based scams carried out by faceless criminals – only recently, HMRC was warning self-employed workers filling out their self-assessment tax returns not to be fooled by emails purporting to offer them a tax refund. As ever, then, it pays to stay vigilant when dealing with your money matters online.
· A bank will never ask for confidential data over email, phone or text
· Don’t rely on caller ID either on phones and in texts – ‘smishing’ shows that even these can be faked
· Use official banking sites and apps independently – don’t follow links in emails and SMS
· Check any dubious website for tell-tale signs of fraudulence, such as typos and improper English, or requests for highly confidential data
· Ensure all financial web sites that require personal information carry the secure ‘padlock’ symbol in the address bar
· Don’t allow untrusted third-parties remote access to your computer
· If in doubt, contact your bank or authorities such as Action Fraud