18 Apr Cyber Security – Text Message Scam
Never Trust a Text From Your Bank
Fake text messages that look like they are coming directly from your own bank are so convincing, even the fraud director at Lloyds Banking Group admits he can’t always spot them!
You may be aware that when a bank sends you a text message they typically do not come from a number, rather it just shows you the name of the bank, as shown here. But always question everything you receive and the reason you may be receiving it. Don’t be afraid to contact your bank to confirm a message is genuine.
NatWest Text Scam
Below is an example of scammers taking advantage of this by tricking the phone into thinking their fake message is also from the same un-numbered sender. In the next screenshot, the first two text messages were legitimately sent from NatWest, and were relating to events that the user had triggered themselves. The third message however, is a scam.
The link in the scam is called an IP address (a string of numbers and full-stops), and it is very suspicious to be asked to visit an IP address instead of a normal website. The link also includes http instead of https.
The most important difference to be aware of is that the s in https stands for ‘secure’, meaning your interaction with a https website is protected from people trying to listen in and steal your information; you can guarantee that a banking website will always use https.
At this stage it is already suspicious enough to justify you contacting your bank over the phone to confirm the legitimacy of the message, but if you were to follow the link you would be forgiven for thinking that it had taken you to the official NatWest website.
Can You Tell the Difference?
As you can see in our examples, the scammers have made a very convincing copy of the NatWest website, but if you were to proceed with logging in, you would be putting your money and personal details at a very high risk.
The first image below is the actual NatWest online banking website.
The padlock confirms that the website is secure (the same as https), and the fact that the text is in green confirms that the website has even more layers of security to protect you.
The next example is a fake website. Overall, it’s a relatively convincing copy if you don’t know what to look for but there are a few key differences that should raise alarms.
Other than a few missing accreditations and links, the main area to pay attention to is the address bar; where the legitimate site had a padlock, a name, and was coloured green, the scam site is just the IP address on its own.
At this point if you continue you could potentially be giving your personal information to somebody trying to capture your login details via their fake website.
Keep up to date
To be as secure as possible, it is always recommended to keep your devices up to date.
As an example, when iOS 12.2 and macOS 10.14.4 were released, they added the words ‘Not Secure’ to an address if your device thinks you may be at risk.
Here is an example of the same scam website, but this time it is being viewed on iOS 12.2.
At LogoSystems we always endeavour to keep our customers as secure as possible.
If you ever have any security concerns, do not hesitate to ask us for support. If you are interested in becoming a subscription customer please click the button below.