“Freemsg: Chase, Did you attempt a wire transfer amount of $7500. Reply Y if recognized, Or NO to stop fraud.”
How would you react if you received this text? Many people wouldn’t hesitate before replying. But the above text is from a criminal impersonating Chase Bank – and this scam cost the recipient $15,000. Such SMS-based fraud (or “smishing”) is soaring. In the first half of 2021, smishing attacks increased by 700% in the UK alone. While financial institutions and utilities are the targets of many high-profile scams, product brands are also suffering.
So, why the dramatic rise? Fraudsters have long been alive to the growing relevance of mobile devices. Mobile commerce has exploded and is expected to surpass $710 billion by 2025, with smartphones accounting for 83% of social media usage. As product brands connect with their consumers online and digital dominates many more customer journeys, interactions often start and end on mobiles. And criminals are quick to spot an opportunity.
Mobile devices are now used in over 60% of digital fraud cases.
In a world of smartphones, why target the humble text message? The rise of smishing.
Fraudsters are exploiting the growth in mobile commerce, and scam package delivery texts have become the most common smishing attack in the UK. SMS inboxes are also more vulnerable to fraud, as they have limited security filters compared to channels like email. The stark reality is that there is little a recipient can do to distinguish between a legitimate and a fraudulent text message. In fact, despite the limitations of the short message format, it is this simplicity that contributed to its early uptake by users and has sustained its popularity ever since.
Simpler still, how about a voice call or message? Beware the vishing scam.
Some forms of imitation are even more audacious and destructive. Vishing (voice-based fraud) attacks typically start with an urgent phone call or voice message. Criminals often impersonate customer service teams to encourage the victim to trust them, in an attempt to obtain account details or access their devices. It’s not just consumers at risk, as brands themselves are also being targeted, with around 70% of businesses having faced vishing scams. Fraudsters can be convincing on the line, especially if they appear knowledgeable about a fake charge or know information about the victim, possibly from an unrelated past information breach.
In 2021, over 25% of scam texts were reported as package delivery scams.
How are the imposters becoming more sophisticated? Apps are the latest targets.
Mobile smishing, vishing, and phishing, are not the only threats that find their way onto mobiles. Nefarious mobile apps can be used as storefronts to sell counterfeited products, while others may imitate legitimate apps to divert revenues away from established brands or steal login credentials. Even on legitimate apps, consumers are not safe. Social media platforms are now counterfeit hotspots, with Ghost Data finding over 50,000 accounts promoting fake fashion on Instagram. But it’s not all about counterfeits. Bad actors use social media to create false associations with brands, generate fake endorsements, and lure consumers away from legitimate brands.
Are consumers about to give up simplicity for more security? Not likely.
From shopping to social media, mobile devices underpin everyday consumer habits. But this makes them ever more vulnerable to fraud, because there is an inherent paradox for brands. As much as consumers are concerned (or in some cases terrified) of fraud, they are equally reticent about giving up the ubiquity and simplicity of a standard text message or email. So, just as product brands have optimized their customer journeys for mobile channels, they must also adopt a mobile first mindset for their brand protection. This needs to address counterfeit selling on social media and apps, as well as impersonation via smishing and vishing.
So how should brands tackle the new frontline for fraud? Think mobile first.
For most brands, an effective response will combine consumer and staff education to raise awareness of risks, as well as verification measures and safeguards built into the online experience. Personalized greetings on apps are a simple example, while two factor authentication is more robust but equally can be more onerous for users. But as effective as these measures may be, fraudsters will continue to adapt their scams and tactics against their victims. So brands must look to partner with industry specialists who know how to counter all forms of mobile fraud. By combining responses, brands can mitigate the threats while making the customer journey secure yet seamless.
Ready to take action? Find out how OpSec can help protect your brand from mobile-based threats.