Cyber Security – Text Message Scam

Never trust a text from your bank

Fake text messages that look like they are coming direct from your own bank are so good, even the Fraud Director at Lloyds Banking Group admits he can’t always spot them!

Staying vigilant

Macs, iPads and iPhones are some of the most secure devices in the world, but there is always a game of cat & mouse being played between Apple’s security experts and the scammers that are trying to steal our information and money. The best that we, as users, can do is to stay as vigilant as possible, and question anything on our devices that doesn’t look quite right.

You may be aware that text messages from a bank typically do not come from a number; instead, your phone just shows the name of the bank, as shown here.

NatWest text scam

Scammers are able to take advantage of this by tricking the phone into thinking their fake message is also from this un-numbered sender. In the next screenshot, the first two text messages were legitimately sent from NatWest, and related to events that the user had triggered themselves. The third message, however, is a scam.

The link in the scam message points to an IP address, and it is very suspicious to be asked to visit an IP address instead of a normal website. The link also begins with ‘http’ instead of ‘https’.

The most important difference to be aware of is that the ‘s’ in ‘https’ stands for ‘secure’, meaning your interaction with an ‘https’ website is protected from people trying to listen in and steal your information; you can guarantee that a banking website will always use ‘https’.

At this stage it is already suspicious enough for you to contact your bank over the phone to confirm the legitimacy of the message, but if you were to follow the link you would be forgiven for thinking that it had taken you to the official NatWest website.
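The two warning signs described above (a link that points to a bare IP address, and ‘http’ instead of ‘https’) can also be checked automatically. The following is an added example, not part of the original article: the sample message, the `192.0.2.44` address and the `bank.example` domain are constructed placeholders, and the extra check against a list of expected domains goes one step beyond the two signs the article names.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Finds http/https links inside the body of a text message.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_is_ip(host):
    """True when the host is a literal IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_link(url, expected_domains):
    """Return the list of warning labels raised by a single link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme.lower() != "https":
        warnings.append("not-https")          # traffic is not encrypted
    if host_is_ip(host):
        warnings.append("ip-address-host")    # no website name at all
    elif not any(host == d or host.endswith("." + d) for d in expected_domains):
        # https alone does not prove who runs the site, so also compare
        # the name with the domains the bank is known to use (assumption).
        warnings.append("unexpected-domain")
    return warnings

def check_message(text, expected_domains):
    """Map every link found in a message to its warnings."""
    links = [u.rstrip(".,)") for u in URL_RE.findall(text)]
    return {u: check_link(u, expected_domains) for u in links}

# Constructed sample data, not taken from the real scam message.
EXPECTED = {"bank.example"}
SCAM_SMS = "BANK ALERT: new payee added. Not you? Visit http://192.0.2.44/login."
REAL_SMS = "Your statement is ready at https://www.bank.example/statements"

if __name__ == "__main__":
    for sms in (SCAM_SMS, REAL_SMS):
        print(check_message(sms, EXPECTED))
```

A link that raises no warnings here is not proven genuine; contacting the bank directly remains the reliable check.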

Can you tell the difference?

As you can see below, the scammers have made a very convincing copy of the NatWest website, but if you were to proceed with logging in, you would be putting your money and personal details at a very high risk.

Here the legitimate website is shown on the left, and the fake website is on the right.

Overall, it is a very convincing copy, but there are a few key differences that should raise alarms. Other than a few missing accreditations and links, the main area to pay attention to is the address bar, where the legitimate site shows a padlock and a name coloured green, while the scam site shows just the IP address on its own.

The padlock confirms that the connection to the website is secure (the same as ‘https’), and the fact that the name is shown in green confirms that the website has passed additional checks on its identity, giving you a further layer of protection.

Keep up to date

To be as secure as possible, it is always recommended to keep your devices up to date.

As an example, the latest iOS update (iOS 12.2) and the latest Mac update (macOS 10.14.4) will add the words ‘Not Secure’ to an address if the browser thinks you may be at risk.

Here is an example of the same scam website, but this time it is being viewed on iOS 12.2.

LogoSystems always endeavours to keep its subscription customers as secure as possible. If you ever have any security concerns, do not hesitate to ask us for support.


Natasha Kelly
natasha@logosystems.co.uk