Pickr
  • Latest News & Reviews
  • Recommendations
  • Phones
  • Earphones
  • Sound
  • The Wrap
No Result
View All Result
Pickr
  • Latest News & Reviews
  • Recommendations
  • Phones
  • Earphones
  • Sound
  • The Wrap
No Result
View All Result
Pickr
No Result
View All Result

How do scammers send SMS that look like the real deal?

Leigh :) StarkbyLeigh :) Stark
July 22, 2019
Reading Time: 3 mins read
Share on TwitterShare on FacebookShare on LinkedInShare over email

Australia Post has sent you a message about a package, and then all of a sudden, you get another from them about a mystery prize. Is it real, and if not, how have scammers achieved this?

One of the more troubling aspects of an SMS scam is the ability to make messages seem legit. It’s not so much the messaging, though scammers are beginning to adopt better grammar and punctuation than before, so we can’t rely on that old rule.

No, the major troubling aspect is how SMS scammers infiltrate our stream of messages, convincing us their scamming link is real by coming into our standard messages.

It’s not just a random name or number anymore, because scammers can arrive in our phone’s SMS inbox by pretending to be a major company. They can’t be Apple or Google — those are off limits — but they can pretend to be Telstra, the NBN, or even Australia Post, and that’s where things get troubling.

Reported by a Pickr reader, one recent scam involved a message that was purportedly from Australia Post coming in under the typical “AusPost” name sent by the company, and yet was a scam. The message came in just as if it were any old message from the company, and even sat between two legit package pick-up messages from Australia’s mail provider.

But as you can probably expect, the whole thing was just a scam, and it’s a criminal doing something a little dodgy by taking advantage of a loophole in phone inboxes to get a way in.

How do scammers do this? How can scammers pretend to be a major company, and what can we do to stop it?

How do scammers pretend to be someone else in SMS?

In a rather troubling move, scammers have made the jump to convince you of their authenticity by using the SMS names of major brands. We’ve seen one attempt JB HiFi with the rather misnamed “JB Store” thus far, but “AusPost” is one Australia Post actually uses, and scammers are copying it.

So how do they do this?

SMS scammers typically rely on online bulk sending message services to send out their attacks, and these allow them to attach a name to them.

But because messages from companies can arrive from more than one phone number, smartphones can still group them based on the send name. If this seems like jargon, it means that if Australia Post uses the name “AusPost” on its SMS and a scammer does as well, the messages will be grouped together under the same “AusPost” name.

It’s a problem because it means all a scammer needs to do to hide their name is become someone else. The moment they attach that name to their SMS, the message they send out will sit under the same banner.

This leads to two problems:

  1. If you’ve ever received a message from the sender, the SMS scam looks legit because it falls in the same message stream, and
  2. If you’ve never received a message from the sender, an official sounding name looks more official than a scam that has come from a nameless number.

How do you know not to click on a scam SMS?

Knowing whether to click on the message comes from learnings you may be picking up as scams evolve, and one of the more direct approaches is to recognise a scam and the tendencies they have.

Scams don’t typically look like messages. They come across like they’re trying to bait you, such as a “mystery package” instead of telling you what post office you should be going to in order to pick things up. Scammers tend not to have these details, and so generally send out a bulk email in order to convince everyone.

It means if you might live out at North Sydney and have to go a North Sydney post office for collection, scammers can’t guess that. Scams have to be a little more generic.

Scams also tend to rely on outlandish URLs, at least for the moment. Scammers are fully aware many of us won’t check the link before clicking, and so won’t always go out of their way to make the link believable.

There are plenty of ways they certainly could, including using similar domain names, but few seem to be doing that. That means, though, that scammers won’t always change the website URL or its domain, opting for whatever they can get their hands on.

In the case of the scams we’re seeing lately, the links are the dead giveaway that the messages are scams, giving you a reason not to click.

Simply put, before you think about clicking, look at the link in its entirety and see if it looks legit. Check the domain and make sure it’s the real deal.

If a link doesn’t look anything like the links provided in previous messages or the whole thing looks less than legit, you’re looking at a scam. Don’t click, delete, and move on.

Leigh :) Stark

Leigh :) Stark

One of Australia's well regarded technology journalists working out of Sydney, Leigh Stark has been writing about technology for over 15 years, covering phones, computers, cameras, headphones, speakers, and more. Stylising his middle initial with an emoticon, he aims to present tech in a way that makes it easy for everyone. While he founded Pickr in 2016, Stark's work can be seen in other publications including The Australian Financial Review, Popular Science, and many more. His award-winning podcast "The Wrap" is syndicated on Southern Cross Austereo's LiSTNR network weekly, while he can be heard on radio via ABC Brisbane and ABC Canberra, and seen on TV's Nine. Check out Leigh Stark's most recent media appearances.

ADVERTISEMENT

Related Posts

Scammers try a dark approach with coronavirus vaccine scams
Security

Monkeypox gives scammers something new to con with

June 12, 2022
Samsung Galaxy S22 Ultra reviewed: practically epitomising premium
The Wrap - Australia's fastest technology roundup

The Wrap – Big screens, security, and Samsung’s S22 Ultra

May 23, 2022
Scammers try a dark approach with coronavirus vaccine scams
Security

Google Drive goes on defence with anti-malware, anti-phishing

May 17, 2022
ADVERTISEMENT
  • Recommendations
  • Best Picks
  • Methodology
  • About
  • Media Appearances
  • Contact
Change the way you choose.

© 2016 to 2022 Publishr Pty Ltd: ACN 624 227 256
All rights reserved.

No Result
View All Result
  • Latest News & Reviews
  • Recommendations
  • Phones
  • Earphones
  • Sound
  • The Wrap

© 2016 to 2022 Publishr Pty Ltd: ACN 624 227 256
All rights reserved.