Scam text messages are some of the most prevalent cyber security attacks, affecting individuals and organizations alike. According to a report by the Federal Trade Commission (FTC), American consumers lost $330 million to text message scams in 2022, up from $131 million in 2021.
Scammers often employ tactics of pretending to be legitimate businesses, like Amazon, UPS, or a popular bank, sending scam text messages. They may attempt to gather personal data such as passwords, social security numbers, or credit card information or trick recipients into clicking on malicious links.
In this article, we shed light on the dangers of “smishing” and the importance of implementing SMS marketing best practices as a preventive measure, by looking at:
- What Is Smishing?
- Dangers of Fake SMS Marketing Strategies to Brands and Customers
- Effects on Customers and Employees
- Effects on Brands
- Top 5 Most Reported Text Messaging Scams
- How To Stop SMS Scams From Damaging Your Company’s Reputation
Read on and discover how to stop scam texts from harming your company and customers.
What Is Smishing?
The term “smishing” is derived from combining the terms “SMS” or “short message service” and “phishing.” It is a type of cyber attack that uses fraudulent mobile text messages to manipulate people into taking specific actions, from downloading malware to divulging sensitive data and sending money to cybercriminals.
Most scammers engaged in smishing target sensitive personal and business information. They may attempt to obtain the following:
- Names, passwords and addresses
- Social security number
- Credit or debit card information
- Zip code which they can use as an additional verification step when making unauthorized transactions
- Bank name or credit card company
- Work login details
- Customer and/or vendor information
- Device and network information
Over the years, text scams have evolved into more sophisticated schemes.
Some scammers and fake SMS marketing companies pretend to offer job opportunities only to lure people into transferring funds from their bank accounts for supposed job-related expenses. Another common tactic involves enticing individuals with promises of fictitious discounts or prizes from trusted companies.
The prevalence of smishing has increased significantly because people are more likely to click links in text messages than in emails or other forms of communication. In fact, SMS click-through rates range between 8.9% and 14.5%.
Additionally, text message scams have become easier to orchestrate. For instance, scam bots and deceitful SMS marketing companies can cover their tracks by using burner phones which are cheap, disposable mobile devices meant for temporary use.
It’s also harder to spot dangerous links on cell phones. Unlike computers, where users can hover over a link to verify its destination and authenticity, smartphones lack this feature.
Dangers of Fake SMS Marketing Strategies to Brands and Customers
On a micro level, fake SMS marketing strategies can wipe out a person’s bank accounts in the blink of an eye. On a macro level, text message scams create challenges for businesses, such as reputation damage and loss of customer confidence. As users lose trust in text-based communication channels, companies may find it harder to effectively reach and engage with their customers via email and SMS marketing.
Effects on Customers and Employees
Here’s how fraudulent SMS schemes affect your customers and employees:
Identity Theft
Fake email and sms marketing campaigns allow scammers to assume the victim’s identity and perform fraudulent activities, including maxing out credit cards, opening new accounts or acquiring loans. This leaves the victim responsible for the resulting debts.
Privacy Breaches
Fraudsters may compromise an individual’s security and privacy by tricking them into disclosing sensitive information. This can result in the disclosure of private photographs, conversations or documents.
Financial Loss
Text message scams can quickly lead to direct financial loss. Using stolen data, fraudsters can make purchases, sign up for subscriptions or transfer funds from the victim’s account, resulting in direct financial loss.
Effects on Brands
These are how SMS scams cripple businesses:
Unauthorized Access to Internal Systems
A text message scam can manipulate employees into divulging their corporate login details, leading to potential data loss for your brand. An example is Twilio’s network intrusion in 2022 that granted unauthorized hackers access to the data of 125 Twilio customers.
Hackers sent Twilio employees an SMS falsely claiming to originate from Twilio’s IT department. The message notified the recipients that their password had expired or their schedule had changed. As a result, they must log into their Okta accounts using a link provided in the message.
The recipients were unaware that the link led to a replica of the Okta login page. Once they entered their Okta credentials, those details and two-factor codes were sent to the hackers on a Telegram chat. This gave them immediate access to the company’s systems and customer data without the employee’s knowledge.
Damaged Reputation
Successful smishing attacks can tarnish a positive reputation you’ve spent many years cultivating and prevent you from maximizing the benefits of SMS marketing. You can lose credibility with your customers, spend a significant amount of time on remediation and thousands of dollars in damages.
Direct Monetary Loss
The costs associated with reputation repair and recovery due to a text message scam can be substantial. This includes expenses for compensating affected individuals, managing identity protection, carrying out internal investigations and implementing robust security measures to prevent future attacks.
Reduced Company Value
Some investors may lose trust in your organization and transfer their funds to competitors to safeguard their portfolio, affecting your company’s market position and overall success.
Top 5 Most Reported Text Messaging Scams
Industries most affected by fake SMS marketing campaigns include banks, retail brands and postal service providers. In fact, according to the latest data by the Federal Trade Commission, bank text scams were the most reported type of text message scam. These SMS marketing campaigns supposedly came from large financial institutions, such as Wells Fargo and Bank of America.
Bank text scams are meant to create a sense of fear or urgency, driving individuals to take prompt action. Scammers would often manipulate recipients by claiming that their accounts have been compromised, unauthorized transactions have been made or that they must update their personal data to avoid penalties or account suspension.
Bank text scams may contain links that lead to fake websites. These sites often resemble the bank’s official website and are designed to deceive recipients into inputting their banking credentials.
On the other hand, some scam text messages may include malicious attachments that, once clicked, install malware on the recipient’s device. This malware can steal personal information or grant unauthorized access to personal banking accounts.
After bank text scams, the most commonly reported fake messaging schemes were:
- SMS marketing campaigns promising a free gift, often from a retailer or a cell phone carrier
- Postal service text scam messages from FedEx or the United States Postal Service (USPS)
- Fraudulent job offers, such as mystery shopping and car wrapping
- Bogus Amazon security alerts
Most postal service text scam messages alert the recipient about a delivery issue and request for personal information and/or a re-delivery fee. If you aren’t expecting a delivery in the first place, the message is likely a postal service text scam.
How To Stop SMS Scams From Damaging Your Company’s Reputation
Education is your first line of defense against a text message scam. Ensure employees and consumers know how to stop scam texts and what to do if they receive one. They should never reply to any suspicious texts. Once a scammer knows a number is active, they’ll only annoy the recipient with more spammy messages.
Recipients can forward any unwanted messages to 7726 (“SPAM”), which is the number designated by The Global System for Mobile Communications (GSMA) for reporting spam texts. They may also report the SMS to the FTC via their website.
As a brand, offer employees regular training sessions on how to stop SMS scams. You can also provide informative infographics or articles on your website or social media channels to educate your audience.
Should your brand be a victim of SMS scams, prioritize crisis management. Notify affected customers, stakeholders and employees of the incident right away. Be transparent about the steps your company is taking to address the issue.
Lastly, engaging in SMS marketing best practices is a must. From high open rates to direct and personalized communication, the benefits of SMS marketing are endless.
A proactive SMS marketing strategy includes sending compelling text messages with clear CTAs, obtaining explicit consent from recipients and providing clear opt-out options. All of these practices can help build trust and transparency. Likewise, establishing a unique and consistent tone of voice can differentiate your brand from fraud and reduce the likelihood of customers and employees falling for text scams.