Revealed: the ways scammers target your mobile phone (from number-spoofing to DVLA fines)

Mobile phones are being aggressively targeted by scammers with bogus text, Facebook and WhatsApp messages, according to new Which? research - but could you spot a fake?

Three in ten Which? members received at least one scam message on their mobile in the past six months, with senders posing as trusted organisations like HMRC, the DVLA or TV Licensing or well-known brands like Apple or PayPal.

But despite receiving these messages designed to scare, intimidate or trick victims into handing over information, two in three (66%) chose not to report the attacks.

Here we reveal the most common mobile phone scam tactics, talk to security experts about why they work, what happens when you click on a link in a scam message and how to fight back.

• The full version of this story appeared first in the April issue of Which? Money magazine. Try Which Money for two months for £1.

Most common mobile scams and tactics

In January 2019, we asked 10,321 Which? members about their experience of mobile scams.

Three in ten told us they had received a suspicious message on their device in the last six months. The most common way fraudsters targeted the victims in our survey was through text messages (25%), followed by Facebook Messenger (5%) and WhatsApp (3%).

The tactics used by fraudsters trying to trick victims into handing over information were varied, ranging from simple too-good-to-be-true giveaways to highly sophisticated cons like 'number spoofing'.

Just under one in four reported receiving a fake HMRC 'tax refund' message typically claiming recipients had been overcharged and money was waiting to be claimed.

Many were targeted with messages designed to scare recipients into taking action such as alerts that someone had hacked a social media account (7%), bank account (8%) or PayPal account (18%).

Worryingly, one in ten in our survey experienced a 'number spoofing' scam which is where a fake message manages to enter a chain of genuine messages from a company you deal with regularly like your bank.This is able to happen because of the way mobile operators group messages and is a major flaw in the system that Which? highlighted last year.

A quarter of respondents told us there were other types of scam message popping up on their screens including bogus friend requests, DVLA refunds, Microsoft account issues, unpaid TV licence fees and phoney WhatsApp updates.

But not all unsolicited messages are scams. A large number of Which? members reported receiving messages about an injury claim from companies they had never contacted. This may be heavy-handed marketing or cold-selling, rather than an attempted fraud. Nonetheless, be wary of any message you don't recognise and avoid clicking links.

How you can spot a mobile scam

Some scams are riddled with typos or implausible claims, but others may slip under the radar.

In our research, we found a number of examples where the sender managed to impersonate a well-known organisation, and in at least one case, knew the recipient's first name.

The gallery below shows some examples of the type of scam texts that are common, so keep an eye out for these common tactics.

Why mobile scams can fool anyone

David Rogers, founder of mobile phone security company Copper Horse, told Which? Money the way we use mobile phones can make us vulnerable.

'You may be busy travelling somewhere or doing something and your reaction to a message or web advert may be entirely different to when you're sat at home concentrating. Criminals rely on this.'

This lower level of concentration combined with the small size of mobile screens can limit our ability to interrogate information fully.

Chester Wisniewski, from security software firm Sophos, explained: 'It is a lot easier to phish people on their phones as they cannot see many of the tell-tale signs of a scam, such as where a link will lead when tapped.

'This lack of context, combined with mobile browsers' default behaviour of hiding the URL bar to provide a larger display area for web pages, leads mobile users to fall victim to attacks at even higher rates than desktop users.'

What happens if you click a scam message link?

If you don't spot a message is a scam, it can have devastating consequences.

In our survey, we heard from members who had lost significant sums through phone and text scams after sending the fraudsters money.

But even if you don't lose money the effects of a scam text or call can still be scary.

One Which? member told us they had received a series of messages after making the mistake of clicking on a link in a scam iPhone text - even though she didn't enter any details.

5 ways to beat the scammers

Here are some tips to help you keep safe against scam texts and calls.

Be careful with your data - criminals can piece together data from a range of sources like what you post online on social media accounts.

Never click on links - you should be wary of the links in unsolicited messaged even if they appear to be from a trusted source at first glance.

Do not reply - never reply to a scam message as fraudsters may put you on a 'sucker' list and you could be bombarded with more scams.

Never share Pins or passwords - you should avoid giving out security details or passwords following an unsolicited call or text message.

Report suspected scams - you might be able to help others by raising the alarm. You can report mobile scams to Action Fraud and your mobile network.

• Find out more:how to report a scam

What's being done to tackle scam texts and calls?

Ofcom told us it had introduced new rules which help protect people from nuisance calls, including banning phone companies from charging for caller display a feature which can help victims screen calls.

UK mobile operators have also recently launched SMS PhishGuard, an initiative intended to block spoofing messages.

Banks are able to register and protect their 'sender ID' on a database, allowing mobile networks to block any attempt to send a text from a number that doesn't come from those registered by the bank.

UK Finance, which represents the banking industry, told Which? eight banks have so far signed up.

Which? is calling for all banks wanting to protect customers from fraud to sign up to this new initiative and if successful for it to be expanded beyond the banking industry.

Find out more:how to stop nuisance calls and texts

Original reporting by Ceri Stanaway

• This story appears in the latest issue of Which? Money magazine. Try Which Money for two months for £1.