Stop us if you’ve heard this one before.
A person notices a text message on their phone. The text is from their credit union, letting them know their account has been compromised and they have suspicious charges that need to be addressed. In a panic, the person uses the provided link to visit a familiar-looking website and attempts to log in to their account. However, they unfortunately discover that this is not their credit union’s website, and they have just provided all their account information to a scammer.
If you’ve experienced this scenario before (hopefully with a better outcome), you’re definitely not alone. This phenomenon, known as smishing, is popping up at increasing rates around the world.
What Is Smishing?
You may be familiar with a term that’s been around for a while, called phishing. Phishing scams typically occur through phone calls or emails where the attacker poses as a trusted business or government entity to obtain sensitive information that could be used to steal one’s identity or access finances.
Smishing is a form of phishing that happens through SMS (Text) messaging. The attacker sends a compelling message that prompts the recipient to click a link. The link either provides a way for the recipient to transmit their private information, or downloads malicious software to the recipient’s smartphone.
Smishing is often compelling because users tend to find text messages to be more personal than email, and are therefore more likely to feel trustworthy. Additionally, people tend to be much more responsive to text messages than emails or phone calls. Phishing scams through email are likely to get filtered to spam folders and never see the light of day, and phone calls from unrecognized numbers tend to go unanswered.
Attackers may pose as a credible financial institution or even the IRS in order to gain access to information such as account numbers, passwords, social security numbers, and other private information that would leave a recipient vulnerable to identity theft.
Smishing has become so pervasive that in the year 2020 smishing attacks increased by 328%, according to a security firm survey. In 2021, consumers reported nearly $10 billion in losses as a result of 87.8 billion smishing attacks. And the worst part? It’s estimated that less than 35% of the population knows when they are being targeted by a smisher, leaving the door to future scams wide open.
How Smishing Impacts Community Financial Institutions (CFIs)
The foundation of any relationship between a financial institution and member is trust. Members need to know their assets are safe and secure, and that their CFI will be responsive, helpful, and accountable.
Smishing scams erode the trust between financial institutions and members.
Lack of trust makes communication between a financial institution and members more difficult, leading to lower levels of customer satisfaction and fewer utilized services. Regardless of whether a person’s financial or personal identity are actually compromised, smishing attacks have detrimental effects to both targets and financial institutions.
What Can Community Financial Institutions Do About Smishing?
Smishing attacks are a complicated problem to tackle, but there are things that CFIs can do to help protect their members.
First, knowledge is power. Proactively educating members about smishing attacks, what the warning signs are, and how to handle them will give members the tools they need to protect themselves.
Second, it’s important to provide easy and open channels of communication for members so they can receive quick answers in the event of a smishing attack. One of the most important lines of defense for a member is to directly contact a CFI to ask if the communication they received is legitimate. Being able to quickly engage in a trusting dialogue, in a manner convenient to members, will help them to maintain confidence in their financial institution while also protecting their identities.
Unfortunately, fraud will continue to be a growing problem in our increasingly digital world. Utilizing a smart digital communication solution such as Eltropy will enable financial institutions to provide quick, secure communication with members at the times they need it most.