Published: Dec 03, 2021
Last update: Sep 28, 2022
Products and Services SMS services

Differentiate between a fraudulent SMS from another one which is not

spam sms diffeerences
Differentiate between a fraudulent SMS from another one which is not
5 (100%) 15 votes

SMS messages have become a fundamental communication tool for companies, as they are very reliable when distributing them (and with a very high open rate). Using Verified SMS by companies like Google also adds a layer of security which today is very important. 

Many people, when they receive a message, are a bit worried about possible fraud or scams they can suffer from. And they are right to be attentive: unfortunately, fraud attempts on the web and digital communications (SMS, emails, etc) are very common and risky. 

The Spanish Observatory for Informatic Crime has detected over 210.000 crimes in 2019, when in 2013 there were only around 42,000. Through phishing (or smishing, as has been called the act of fraud through SMS), criminals can steal personal data, passwords, and other sensitive data. For this reason, next we will give you details on how these illicit messages are sent and how to detect possible fraud in text messages.

It’s useful to know how these fraudulent messages are sent to differentiate our campaigns. In this way, we will avoid fear or confusion in our receivers, obtaining better results and engagement in any communication. The summary is simple: to transmit reliability in the sender field of the message.

Ways to Detect Fraud via SMS 

    • The absence of a sender: malicious SMS do not usually have an alphanumeric sender. Instead, they have random numbers that receivers do not have in their agendas. Many companies use the personalizable sender so users know exactly who’s sending the message, providing them trust. The best option for this are verified SMS. In this case, Google verifies the messages by using an additional chart that features the name of the company and relevant data, as the logo. LabsMobile offers Verified SMS by Google and it’s necessary to go through a process of validation and inscription of senders.
    • Links to pages of authentication: in general, malicious SMS come with an external link where the phishing attack takes place. This is usually a page where you have to sign in with personal data to download a file into your mobile phone. 
    • Normally, the destination URL is similar (but not exactly the same) to the one of the entity or company being imitated. It’s very important to take a look at the URL because they have slight differences (for instance, bankia.es => login-bankia.es or movil.bankia.es). This is particularly important when using a mobile device, because most systems only show the URL in the navigation bar and this can be very confusing. 
    • Links are shortened or hidden. Similarly, links that go in a fraudulent message come shortened by an unknown platform, so people cannot see the complete address. Then, we recommend you to avoid them or use a security tool to visualize the whole URL. 
    • Destination pages are usually simple and not very functional. You can usually only enter an account or use your credentials. We recommend that you avoid visiting these URLs, links to social media until you verify their authenticity. Any authentic website publishes additional contact methods so you can get in touch with them. 
    • These are platforms that the user does not visit. Attackers tend to send messages massively to thousands of users and pick very well-known entities many people use. In this way, they may reach someone who actually uses the platform, such as a logistics company or a bank. 
    • They are not personal messages. SMS marketing is personalized. Companies use their database to create a personal, trusted relationship with their clients by sending specific messages using name and surname. In turn, SMS with fraud are generic and use phrases like “Dear user”. 
    • They seek to generate panic with alert messages to confuse the victim. These are messages that indicate that a certain account is about to be suspended, that there was a problem with a bank account, etc. Due to fear, many people end up visiting the malicious URLs, trying to solve the problem and giving the scammers access to their personal information.
    • There are grammar errors. In phishing attacks, grammar is abandoned. If you pay attention, you can find spelling and syntax mistakes, sentences that make no sense, bad translations, and more. It’s important to read them attentively to detect possible fraud. 

 

Recommendations to avoid fraud with SMS

Knowing about the main methods that attackers use when committing fraud with text messages, you can take precautions and safety measures in consequence.

1 Lastly, you have to check any type of sensitive information. For example, if you get an alert message from the bank, you can confirm with a phone call or an email. Consulting with the platform that supposedly sent the SMS can save you from a phishing attack. As a general rule, financing entities and the majority of companies never ask for information via SMS or email. Any arrangements should be made within the app or control panel once you have entered the account correctly. Then, we should be suspicious of any message that asks for data or credentials.

2 Pay attention to the domain or subdomain at the end of the link. Check that it’s always done through HTTPS connections and that the certificate is correct and belongs to the entity we want to visit.

3 It’s advisable to activate the 2FA authentication in any web or platform we use, especially all those that are related to transactions or financial operations. The majority of these platforms have a 2FA with SMS, call, or apps like Google Authenticator. In this way, even though somebody may have our credentials, they won’t be able to access our account or data.

4 When facing any issue or problem, we recommend that you contact Customer Support directly and not to follow a possible fraudulent URL.

5 Don’t trust senders you don’t know and with whom you don’t have any commercial relationships. Especially if they are asking for data or authentication. This means that, if you’ve never received an SMS from your bank, then don’t trust a new one even if it seems legit. 

6 Always be attentive to all the details. Read and re-read SMS many times to look for evidence of fraud. If it doesn’t have a sender, if it has spelling mistakes, suspicious URLs… these are red flags. When in doubt, you should avoid the message. In this case, you should contact the company to obtain more details about the case.

LabsMobile illustration

Differentiate between a fraudulent SMS from another one which is not

If you want to increase the trust of your users in your SMS to avoid them ignoring the message for fear of fraud, we offer the best solution with our LabsMobile platform that include: 

  • Dynamic and alphanumeric (in the countries and operators where it’s available). 
  • Reliable URL shortener 

Besides all the features you need for your campaign to be successful, you’ll also be able to access Verified SMS by Google without an additional cost. If you’d like to know more, you can read this article about it or communicate with our team. We’ll be happy to help you!