June 24, 2019

Scammers use a few different ways to trick us into doing their bidding. We tend to talk a lot on this blog about email ‘phishing’.

What is SMiShing?

Traditional phishing usually relies on emails to carry a malicious link or malware-infected attachment to a target. But cybercriminals like to ‘mix it up’ and they also use mobile text messages to send malicious links. This form of phishing is called SMiShing (yes, we know it’s a terrible name – it’s basically short for SMS phishing…!).

According to marketing statistics, the open rate for a text message is around 98%, whereas the email open rate is more like 20%. If I was a scammer, I’d place my bets on using text messages as a conduit for my evil doings. In this week’s scam post, this is exactly what the scammer behind the malicious NatWest SMiShing text message we received must have thought.

The NatWest SMiShing scam details

This week, I received a message purporting to be from NatWest bank. The messages were received like any regular text on my mobile.

Now, here’s the really interesting bit…

The SMiShing scam landed right into the actual thread of messages from my bank. 

So at first glance, it looked real. Check out the below image – the top two images are genuine messages from my bank (I had set up that new payee and I had missed a call from NatWest about an account):

NatWest SMiShing Scam

But the third text – that was the sneaky SMiShing scam.  The text told me that my online banking had been disabled for security reasons and to click a link to unlock the account.

The theme of the latter message is one which is regularly used to encourage the reader to click on a malicious link.

The message uses a sense of concern and urgency, coupled with security (the very thing it circumvents), to encourage you to click a link. It was all the more convincing because it was presented in the actual thread of my messages from the bank.

How did they make it appear in your text history?

This is a sophisticated scam. Here, the scammers are most likely to be spoofing the mobile number from which NatWest ordinarily sends its text alerts, so the message comes straight into a string of legitimate texts you’ve already got from your bank. Clever, huh?
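The point above about the shared thread, as an added example (not code from the original post): a handset groups texts by sender ID alone, so a spoofed ID lands in the genuine thread, and any check has to judge the link rather than the sender. The sender ID `NATWEST`, the sample messages, the `.example` link and the `natwest.com` allowlist are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: domains the bank really uses; confirm against the bank's own site.
TRUSTED_DOMAINS = {"natwest.com"}
URGENCY = re.compile(r"\b(disabled|suspended|locked|unlock|verify|security reasons)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample inbox: (sender ID as shown by the handset, message body).
INBOX = [
    ("NATWEST", "You set up a new payee on your account. If this wasn't you, call us."),
    ("NATWEST", "We tried to call you about your account. We'll try again later."),
    ("NATWEST", "Your online banking has been disabled for security reasons. "
                "Unlock it at https://natwest.com.unlock-account.example/login"),
]

def threads(inbox):
    """Group messages the way a handset does: by the sender ID alone."""
    grouped = defaultdict(list)
    for sender, body in inbox:
        grouped[sender].append(body)
    return dict(grouped)

def is_trusted_host(host):
    """True only if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def triage(body):
    """Judge a message on its content only; the sender ID is never consulted."""
    reasons = []
    for url in URL.findall(body):
        host = urlsplit(url).hostname
        if not is_trusted_host(host):
            reasons.append(f"link to untrusted host: {host}")
    if URGENCY.search(body):
        reasons.append("urgency or account-lock wording")
    # An untrusted link decides the verdict; urgency wording is supporting evidence.
    suspicious = any(r.startswith("link") for r in reasons)
    return suspicious, reasons

if __name__ == "__main__":
    for sender, bodies in threads(INBOX).items():
        print(f"thread {sender!r}: {len(bodies)} messages")
        for body in bodies:
            print(" ", triage(body), "-", body[:40])
```

All three messages fall into one thread, yet only the third is flagged, because its link's host merely begins with the bank's name and is not a subdomain of it.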

So, what was in the link when clicked?

Firstly, the link took you to a site that looked, to all intents and purposes, like a login screen for NatWest bank. Logging in using my credentials would send them immediately to the scammer, who would use them to log in to my bank account. Scammers create ‘proxies’: sites that sit between you and the real site and that pass your login details on to the real site on behalf of the scammer.

Secondly, the site also seemed to be infected with malware, as our scan below shows. This malware could be used to infect a mobile device, perhaps with a trojan, that could then be used to steal bank login credentials.

NatWest SMiShing scam

NatWest is, like every other bank, no stranger to phishers targeting its brand. Scams of this nature are often sent out at random, as there is a reasonable chance the scam will hit an actual customer of the bank at some point.

The best way to deal with a SMiShing message is to:

  1. Never ever click on a link in an email from a bank or other organization. Either contact the bank directly or if you need to check your account, type the bank’s URL into a browser directly and log in from there.
  2. Do not call the number in a suspicious text message.
  3. Keep your phone operating system and apps up to date.
  4. Never, ever, give out PIN numbers or login details over the phone or via text.
  5. And…, just because a message appears in your actual message feed you’ve had with the bank or a contact, don’t automatically trust it!

If you receive a NatWest scam text message, contact NatWest by forwarding the suspicious text to NatWest using the number 88355.

Why not help your colleagues stay safe and send them this little reminder? Feel free to edit, copy/paste the advice below:

NatWest Scam Text 

SMiShing is a form of phishing that uses mobile text messages to trick you. A NatWest SMiShing text message is doing the rounds. It will look like it is from NatWest and will urge you to contact the bank by clicking on a link or phoning a number.  It may even land in your messages inbox in the same thread of messages for genuine texts you’ve previously received.

Do not click any link in a suspicious text message.

Also, do not call any number in a suspicious text message.

Scammers will attempt to extort money or bank login credentials.

Don’t forget to share this with your colleagues and friends and help them stay safe.

Let’s keep breaking scams!
