Latest News

‘Smishing’: the latest fraud that’s plaguing big business – and how to combat it

Jeroen van Glabbeek, CEO at discusses how the latest trend in digital fraud, ‘smishing’ is hitting devices

As one door closes, another inevitably opens. The battle to lock out fraudsters and scammers is seemingly endless. Just as you solve one problem, they find another vulnerability to exploit. It’s like the battle to cure seasonal flu. Just as doctors think they have a cure, the virus mutates and finds another way in.

The UK trade body UK Finance says we are now losing more than £1m a day to bank fraud – more than £207m in the first six months of 2019 alone. Because the issue is so widespread, banks are becoming increasingly reluctant to compensate fraud victims if the latter may have unknowingly authorising fraudulent activity to take place.

A large proportion of fraud happens through push scams – those where a bank customer is deceived into revealing personal information. ‘Phishing’ has been around since the dawn of the internet, with scammers using email to convince somebody they are legitimate.

Then came ‘vishing’ – the telephone equivalent of phishing – with callers pretending to be employees from a bank or financial institution.

Now, there is the relatively new phenomena of ‘smishing’. It’s the fraudulent practice of sending text messages or SMS, purporting to be from reputable companies, such as banks, to trick individuals into revealing their personal information, such as online banking passwords or credit card numbers. What’s more, SMS messages are used to access the workplace, to download software or share invoices. In other words, successful ‘smishing’ could lead to financial distress, loss of personal data and even a malware attack.

‘Smishing’ is particularly perilous as consumers don’t expect a simple text message to be unsafe. We know to watch out for cybersecurity threats coming from email attachments and mobile app links. What’s more – SMS open rates are as high as 98%, which makes text messages extremely effective in reaching a global audience of all ages and walks of life.

Taking responsibility

‘Smishing’ that drives people to a fake website is relatively easy to spot if the URL is obviously fake. However, if a ‘smishing’ attack can be made to look and appear genuine, it immediately lowers a user’s guard (if they notice a call is coming from a bank, and is registered as a bank, there is little reason to doubt that it is, in fact, coming from a bank. Even when it isn’t…) However, banks and telecom companies have been slow to recognise the threat and respond to the ‘smishing’ phenomenon.

In the UK, such a laissez faire attitude may have been driven by precedent. In 2015, the Financial Ombudsman Service (FOS) ruled that banks were not responsible for Vishing fraud (or voice phishing) as customers had, in effect, given their own money away. It’s very similar to ‘smishing’. It’s often down to banks or fintech firms to decide on individual cases whether they compensate the victim. However, any instances of fraud tend to have a knock-on effect on reputations of all businesses involved in such a scam – be it an e-commerce company, a shared economy platform, a retailer or any other business with digital payments capabilities being unknowingly caught up in the event of a fraudulent online payment / transaction.

Putting customers front and centre

As more and more businesses benefit from the power of Conversational Commerce; it is becoming increasingly important to ensure that omnichannel customer communications remain secure and ‘smishing-proof’. As SMS remains an important element of the customer communication for many businesses around the world – it is important to remember that this means of communication does not allow the recipient to confirm the identity of the sender – unless SMS has been carefully integrated into a Conversational Commerce ecosystem that uses SMS Firewalls and other anti-phishing techniques.

Beware of prize competitions requiring mobile numbers, non-secure online marketplaces and data leaks, all of which all playing into the fraudsters’ hands. A new phenomenon called ‘spear fishing’, whereby criminals are targeting specific groups of people working for a specific company or a department, has even a higher success rate, as messages can be better tailored to the target recipients’ expectations.

Rich Communications Services (RCS), on the other hand, are rapidly providing secure phone numbers for businesses and consumers. In contrast to simple text messaging, RCS has the ability to verify a senders’ identity. The message will show a user’s logo at the top of a conversation, along with their official brand name, brand colour and a User Interface (UI) indication to designate the verification status, such as a check mark. Which is why has joined Google’s Early Access Program for RCS Business Messaging, an initiative which enables businesses to send richer, more interactive and useful messages to customers in a way that is secure vis-à-vis to SMS messages that offer a very basic experience for consumers and businesses alike.

Additionally, popular social media platforms and mobile chat apps offer a much more secure customer communication channel that can be further secured within a purpose-built omnichannel Conversational Commerce platform designed with the ultimate customer engagement and cyber security features in mind.

Moving with the times

Today, customers expect businesses to take responsibility when things go wrong. Show that businesses care about consumers as much as profit. They want businesses to help resolve a challenging issue in real time. Conversational Commerce is that secret weapon that can solve a number of issues before they happen. Not only it is configured to help prevent ‘smishing’, ‘vishing’, ‘phishing’ and ‘spear fishing’ as all senders are verified every step of the way – it also enables superior customer experience.

Businesses can use Conversational Commerce across multiple channels and choose the recipient’s preferred channels to chat. It fosters a conversational approach with a two-way dialogue between customer and brand owner based on Artificial Intelligence (AI) learning of their past decision-making processes ensuring customers get relevant content they actually care about. Which saves time for customers and facilitates business growth for companies – all while putting smiles on customers’ faces. Responsible and modern businesses always move with the times – unleashing the power of technology to solve their most pressing problems. Conversational Commerce is just one such solution that kills ‘two birds with one stone’: keeps customers happy and fraudsters – at bay.