Cyber fraud is now a fact of life. Phishing, vishing, smishing… it has been a busy time for fraudsters with the Irish Garda Siochána reporting a 370% increase in these activities in 2021 compared to 2020.
Consumers and businesses are wise to be aware and alert to these risks.
So with the ever present threat of smishing and other scams, how can businesses continue to use SMS and other messaging channels? And can these channels continue to reinforce trust and reliability with customers?
The Importance of Trust
Timely communications are essential to good customer experience and with its immediacy and impact SMS is still the best channel to keep customers and staff informed.
One way to use messaging to underline trust is to notify your customers of any updates, service changes or if there has been an incident that affects them.
“SMS continues to shine as a means to contact customers about fraud or other account-related information. Recent smishing attacks have only highlighted how SMS can be used to rapidly warn customers not to click a fraudulent message.” Púca: Combatting Fraud with Robotics and SMS
In terms of Smishing prevention, Fraudsmart.ie is an excellent awareness initiative of the Payment and Banking Federation of Ireland (BPFI). It includes resources and personal and business case studies to help people avoid fraud and use messaging responsibly.
Púca’s 2020 report “Using SMS safely and reducing the risk of Smishing” includes up some of our own advice and best practice on how to keep your customers safe.
The report which you can request via our contact page includes the following recommendations on helping customers avoid fake messages and dangerous URLs.
Urls and using SMS Safely
- Advise customers not to click links that differ from your web address
- Always use the full format URL rather than url shorteners
- Only use URLs in the context of an ongoing communication
- Consider whether it is necessary to include a link at all
Another useful report “Business communications – SMS and telephone best practice” was published in January 2022 by the UK’s National Cyber Security Centre.
“It’s essential that legitimate communications follow some basic guidelines, helping consumers to distinguish official communications from attempted deception”. National Cyber Security Centre (UK)
We have included some of their guidance on SMS communications below.
NCSC Guidance on SMS
- Understand your communications supply chain: using fewer providers makes this easier to manage.
- Ensure weblinks are consistent in ALL messaging to make it easier for people to check them independently.
- Be careful when choosing a SenderID: Keep the number of SenderIDs to a minimum. Avoid special characters, and ensure the SenderID is added to the MEF registry
- Audit your messages: validate that the messages are received exactly as you sent them. Any changes to the content or message sender are indicators that your message provider is using grey routes, putting your messages at risk of fraud, delay, or even regulatory breach.
Trust in Enterprise Messaging
Púca is a Tier 1 messaging provider and a member of the Mobile Ecosystem Forum’s Trust In Enterprise Messaging programme. This code of practice aims to accelerate market clean-up and help educate business messaging solution buyers about the threats of fraudulent practices.