Text message fraud
Text message fraud ('Smishing') is contact made by mobile text message.
Some criminals use text messages to trick you into divulging personal or sensitive information such as PINs or passcodes. The message will often appear to be from a legitimate source and may ask you to click on a fake link or open an attachment.
Links and attachments may lead to an attempt to infect your device with a virus or redirect you to a fake website which could compromise your account details.
They can also make messages appearing in the same text chain look genuine, which make these messages tough to spot.
It’s important to know what Smishing looks like, because it isn’t always strange texts from unknown numbers. In fact, some criminals even use technology to make their messages look as though they are from your bank.
Remember that fraudsters can send messages using alpha tags from genuine companies to make their fake messages appear to be real (the alpha tag is the name at the top of the message, telling you who sent it).
But thankfully, by knowing what to expect, you can protect yourself. We’ve put this section together to show you the kind of messages fraudsters send so that if you get a Smishing text message you can spot it straight away.
Green highlighted text below shows headings for drop down text
Icon expand Criminals sending these texts will try to alarm you
Criminals might try to scare you into believing your bank account has been accessed. They might use capital letters or frightening language to encourage you to act.
Remember that fraudsters have no way of accessing your account, so don’t click any links or reply with personal information. Never reveal the details of PINs, passwords or Smartcard codes to anyone via text in any circumstances, even if the sender claims to be from the bank or a company you trust.
“WARNING we’ve noticed some suspicious activity on your account. For your security, your account will be suspended if you do not get in touch. Click this link to contact our fraud team.”
Icon expand They might use shocking numbers
By telling you a specific amount has been withdrawn from your account, fraudsters want to make you panic. Don’t respond to them. Check your bank balance using online banking, or our mobile online or Bankline Mobile app for peace of mind.
“A withdrawal of £1566.04 has been made from your account. If this wasn’t you, please call the fraud team on XXXX XXX XXXX immediately.”
Icon expand They’ll often try to rush you
Telling you to “act fast” is one-way criminals can get you to act without thinking. They might claim that your account has been accessed at a specific time to make the Smishing text message seem genuine, or make you feel responsible by implying you’ve missed important calls or emails from your bank.
“Our security team need to speak with you urgently. Your bank account was accessed at 14:35PM. If this wasn’t you, please call our fraud team immediately on XXXX XXX XXXX.”
Icon expand They might tell you a certain device was used
A fraudulent text message can feel genuine because it says a specific device was used to log in to your online banking. They may tell you an unauthorised or unknown device was used. We will never ask you to secure your account or click any links via text messages.
“An unknown device has just been used to log into your bank account. Your account may be at risk. Please visit www.afakelink.com to secure your account immediately.”
Icon expand They’ll try and sound helpful
Another way a criminal will try to trick you is by using language you’d expect to hear from a bank or a company you trust. They might use friendly words or even include some of the slogans and phrases you’ve come across before.
“Someone tried to access your account today, but thankfully we stopped them in time. To protect you we’ve put a temporary block on your account. All you need to do is use this secure link to log in: www.afakesite.com. Just follow the helpful steps to unlock your account and reset your password.
Report anything suspicious to us straight away. Together we can fight fraud.”
Icon expand They may follow up a smishing text with a call
There have been cases where fraudsters send a Smishing text and then quickly follow up with a phone call, to make the scam appear more real. When a fraudster uses a phone call to try and trick you into telling them your financial information, it’s known as vishing.
Learn how to spot and avoid vishing scams.
- Forward any suspicious texts referring to Ulster Bank to the number 88355. Standard network rates apply.
- Our text messages may contain links to our websites, but, like our emails, never link to pages that ask for any online banking or full card details
- Never reveal the details of PINs, passwords or Smartcard codes to anyone via text in any circumstances, even if the sender claims to be from the bank or a company you trust
- Do not phone the number included in the message, as fraudsters will try to trick you into giving away personal information. Always contact the bank using a number you know and trust
- Fraudsters can send messages using alpha tags from genuine companies to make their fake messages appear to be real (the alpha tag is the name at the top of the message, telling you who sent it)
- Don’t text back or reply STOP to the messages
- Exercise care when using public Wi-Fi networks
- Consider using Virtual Private Networks (VPN’s)
- Keep your phone's operating system up to date and don’t install apps from untrusted sources
- Consider using an anti-virus app for mobile smartphones and tablets
- If you have already clicked on a link, it is advised to run a scan with your antivirus software to check your device for any malicious software
Take Five is a national campaign that offers straight-forward and impartial advice to help everyone protect themselves from preventable financial fraud. This includes email deception and phone-based scams as well as online fraud – particularly where criminals impersonate trusted organisations.