Australian technology news, reviews, and guides to help you
Australian technology news, reviews, and guides to help you
Paying for something

How do you recognise an SMS scam?

There’s no one time of the year that sees scammers sending out scams over SMS, so if you ever run into a so-called message from a bank, here’s how to spot the real thing.

They say the only certain things in life are death and taxes, but you can bet the other certainty is if you have money, someone is always going to try and take it away from you.

That’s one of the main premises of pretty much every scam going around, and whether it’s to remove your money by way of tricking you into handing over your details or locking down your files because you were unlucky enough to open up a form of malware or ransomware, there’s a good chance the criminal on the other end of the computer is doing it to rid you of some of your hard earned cash.

The unfortunate reality of cybercrime is that anyone can get caught, and while having some form of internet security installed will help, it can’t always be there. Some of the time, it comes down to being aware of how the crimes work. Or specifically, how cybercriminals will try to play you.

This week, one such random SMS arrived in the message box for Pickr’s editor’s phone, and it serves as a rather obvious case of how to pick up on SMS scams by citing all the things it does wrong, and what to look for.

So before you click on a link or touch a message and open up a URL in an SMS, ask yourself some important questions.

Do you belong to the bank?

SMS scams usually imitate banks, but one question definitely needs to be answered: which bank?

Quoting the old Commonwealth Bank advertisements is necessary here, because if you don’t belong to the bank the SMS has apparently come from, deleting it immediately should be the next step.

Banks aren’t dumb, and they have to deal with scams like this all the time, so the people at the banks who come up with policies for sending out messages already likely have some internal memo saying not to send links to specifically avoid any issues like this.

Think of it this way: when was the last time your bank sent you an SMS with a link inside? Even if you get messages from your bank, perhaps for account balances and such, do they ever contain links?

If the answer is no, you probably can see that the message is a fake, and if you’re questioning anything, call your bank using the number on the back of your card to find out whether the message you received is real or fake.

How’s the spelling in the message?

If there are three constants in life, it’s death, taxes, and someone trying to scam you out of your money, and in that last one, there’s a good chance their English probably hasn’t been thought through.

You might think it as a bit of an irrelevant thing, but when financial institutions send out messages, there’s a good chance that someone has checked through the spelling at least once or twice to make sure it makes sense.

Scams don’t generally get the same treatment, and so picking up on poor grammar or spelling can make it very easy to work out whether the message you’ve been sent was fake.

“Verifiacation”? Give us a break guys. Even the weakest of spell check errors would struggle to get that one.

The biggest question in a scam link stems from the link, because that’s the real point of the message. Really, it’s about getting you to click, with that link likely looking close to what the real link looks like, and tricking you into entering your details that way.

Tricking people into clicking a link isn’t tremendously hard, either. We’re all rushed for time, and so if we don’t actually look at the link — and we mean really look — there’s a good chance you’ll see what you think is written instead of what actually is written.

So before you even consider linking, read through that link and see if it really looks real.

In this case, the link is long, using dashes to suggest it’s a longer link, but the reality is verification-support-commbank dot com (notice how we write it without giving it a clickable link?) isn’t anything like the Commonwealth Bank’s real address of commbank dot com dot au.

Sure, they both use the same name, but all those dashes and extra words in the scam link make it a completely different place to go, and one the scammers will have control of. Go there and you’ll be tricked, don’t and you won’t (at least not this time).

Would this person or institution send anything to me?

If you’re still struggling to work out whether a message is real, before you click a link, just call up the company or financial institution to find out if the message is real. And don’t call using the number you’ve been sent the message on, but call using the actual number.

If the message purportedly came from the Commonwealth Bank, Google “Commonwealth Bank support” and call them up yourself to find out if it’s real. If the number is allegedly from Westpac, Google “Westpac Bank support”. In fact, if the message is from anyone and you’re still not sure of the validity, Google who it is purportedly from and call them up to find out.

Oh, and good news: you just spotted an SMS scam. May you never get caught again.

Read next