Analysts at Dojo have revealed the top 20 brands most commonly impersonated in smishing text message scams, used by criminals to trick people across the UK into revealing personal and financial information, such as passwords or bank details.
With more people relying on mobile technologies during the pandemic, it has given cybercriminals a unique opportunity for scammers to target those who have had to use text messages to connect with companies – delivery couriers were found to have had an increase of up to 829 per cent in these types of scams since last year.
With this in mind, the card payment provider analysed Google search volumes for well-known SMS scams to see which reputable companies are being fraudulently impersonated the most.
Dojo’s Chief Information Security Officer, Naveed Islam, also shares five tips on how to spot a smishing text.
Brands most likely to be impersonated in smishing text messages
- Royal Mail
- Hermes
- DPD
- PayPal
- DHL
- Halifax
- Santander
- HMRC
- Barclays
- DVLA
- Amazon
- Parcelforce
- UPS
- Apple Pay
- Virgin Media
- Tesco
- GOV.UK
- Uber
- Sky
- Just Eat
Google search data reveals that Royal Mail is the most commonly impersonated brand by scammers, with a total of 30,200 UK residents searching for Royal Mail scam texts per month.
Royal Mail may top the list due to the nature of their service, handling and delivering customers packages, so it may seem reasonable to ask for your details and to confirm certain things by text in order to deliver your items.
Delivery couriers also take second and third place, with Hermes (15,300) and DPD (7,300) seeing significant increases in SMS scams in the past year. DPD in particular saw a huge 829 per cent increase in searches for text scams – the highest increase of all brands.
Despite seeing a decrease in searches compared to the previous year, in fourth place is online payment system PayPal with a high monthly search volume of 3,700.
How to spot a smishing text message
Although customers are becoming wiser to smishing texts, scammers are becoming more advanced and their fraudulent emails aren’t always so easy to spot.
Naveed Islam at Dojo explains: “Criminals are getting more creative with their deceit. Due to lockdown and the resulting closure of the high street, people’s buying habits have shifted to online, so it is not surprising that we’ve seen an increase in criminals tapping into this changing behaviour with fake parcel delivery scams.
“For many people these frauds are incredibly convincing and traumatic, however, this rise is being monitored and managed by UK police forces and Action Fraud.”
Check if you were you expecting a message from that company
Always check your latest correspondence with the company and get in touch with them if you’re not expecting any messages. Whether you’re unsure, or you’re totally convinced that you’ve received a scam text pretending to be a company, reach out to that company to inform them and see further information.
Always use the official websites of delivery companies to track your parcel.
Check you have signed up to receive text messages from that company
When you sign up to a company they will always ask for your permission to receive text messages from them. So before clicking on any link in a suspected fraud text message, always check this first.
Whether it’s clicking a suspicious link or providing your personal data, you should take some time to review the text and research its legitimacy before taking any actions.
If you’ve already clicked the link, check the URL straight away and do not login anywhere as scammers can capture your details to take over your account.
Check the text is from a number you recognise – Google the number before opening
Scammers can spoof phone numbers pretending to be from your local area code, or even a number that you know, so always google the number if the text you receive is suspicious in any way.
In a scam text message, their goal is often to convince you to click a link. Scammers thrive from creating a sense of urgency and panic from the recipient. They will use scare tactics or threatening language to make you rush into doing something.
Check for poor spelling and grammar, or mistakes to the company’s name
Although some fraudulent texts are highly sophisticated, many of them can be poorly worded and there are some tell-tale signs they’re not legitimate.
Never input sensitive data from text messaging links
If you do suspect you’ve been sent a smishing text, do not click on the link at all. Scammers often include malicious links and once opened allow them to access anything on your phone.
If you accidentally click on the link in your text, do not provide private information such as your user ID, password or payment card details to that website.
If you accidentally click on the link and provide private information, you should change your passwords immediately from a desktop or laptop computer and alert your bank who issued the payment card immediately.
Continue to check your bank accounts regularly to make sure no money has disappeared.
Join the conversation on our Money Saving Scotland Facebook group for energy and money-saving tips, the latest benefits news, consumer help and advice on coping with the cost of living crisis.
Sign up to our Record Money newsletter and get the top stories sent to your inbox every Tuesday and Friday – sign up here.
You can also follow us on Twitter @Recordmoney_ for regular updates throughout the day.
How to report smishing texts
Phone providers allow you to report suspicious text messages for free using the shortcode 7726.
If you forward a text, your provider can investigate the origin of the text and take action, if found to be malicious.
Get the latest money-saving and benefits news sent straight to your inbox. Sign up to our weekly Money newsletter here.
