If you receive an unsolicited text message from your credit card provider, think twice before hitting reply – it might be a scam, the police’s fraud bureau has warned.
ActionFraud has issued an alert about ‘smishing’, where scammers seek to steal your credit card details via SMS. According to the warning, the National Fraud Intelligence Bureau – part of the City of London Police – has received multiple new reports of criminals impersonating credit card providers in text messages to consumers.
The warning comes days after Financial Fraud Action UK revealed contactless card fraud had soared by 150% in the past year.
‘Smishing’ can be hard to spot – but our tips can help you identify potential scams and take action to protect yourself.
Find out more: How to spot a scam
What is ‘smishing’?
‘Smishing’ is short for phishing scams by SMS.
In a typical ‘smishing’ attack, a fraudster will send you a text message claiming to be your credit card provider or bank. Often, the text will say a transaction has taken place and ask you to confirm it by texting back ‘Y’ or ‘N’.
Responding in any way can make you vulnerable, because it confirms that your mobile phone number is active. The scammers will then follow up by asking to confirm your credit card details, CCV number (the last three digits on the back of your card) or other personal information.
Once armed with these details, the criminals can go on a spending spree, with you footing the bill. Both smartphones and analogue phones can be targeted.
Credit card fraud on the rise
In a recent report from Financial Fraud Action UK, ‘smishing’ was identified as a key contributor to the increase in remote purchase fraud, where stolen credit card details are used to make purchases online or over the phone.
Last year alone, cases of remote purchase fraud rose by 20%, with more than 1.43 million victims across Britain. Overall, consumers lost £432m to this type of fraud in 2016.
The report also identified a rise in contactless card fraud. Around £6.9 million were stolen in 2016 on contactless cards, up from £2.8 million in 2015.
Find out more: Are contactless cards safe?
How to protect yourself from ‘smishing’
‘Smishing’ scams can be sophisticated, closely resembling legitimate messages from well-known banks or credit card providers. But you can take steps to avoid falling prey to these tactics.
- Be wary of unsolicited text messages: If a financial provider contacts you out of the blue, proceed with extreme caution. An unsolicited message – whether text, email or letter – is often a sign of a scam, especially if it asks for personal information. If your bank does need to contact you, they will generally ask you to call their customer service centre rather than seeking an answer on the spot.
- Call your financial institution for confirmation: Any time you receive a message claiming to be from your bank or credit card provider, always call their customer service centre to confirm its validity. When calling, use the number on the back of your credit card or your bank statement, so that you can be sure you’re getting through to the real company.
- Check for inaccuracies or spelling mistakes: While mistakes can happen, financial firms rarely issue messages with spelling and grammar errors. Scammers sometimes use bad English on purpose to ensure that only the most vulnerable people take their bait. At the same time, ‘smishing’ messages may look identical to official communications – don’t assume you’re safe just because the spelling is correct.
- Don’t respond if an SMS seems fishy: Any response to a smishing message may confirm that your mobile number is active, potentially exposing you to future scam attempts. If you think there is any chance the message may be fraudulent, don’t text back at all
- Report scams to the police: If you believe you’ve received fraudulent text message, report it to the Action Fraud at http://www.actionfraud.police.uk or alternatively by calling 0300 123 2040
Find out more: How to report a scam