3 Ways to Deal with SMS Phishing

As marketers we have become very familiar with the term phishing, a fraudulent attempt made to steal personal information. Primarily these attacks occur via email, appearing to come from a well-known organization asking for personal information – such as a credit card number, social security number, account number or password. However, as we expand our marketing communications in the digital space, we need to be cognizant and proactive in educating our customers of potential opportunities for phishing to expand into SMS communications.

With SMS currently serving as one of the most popular non-voice communications, the majority of its users perceive their mobile devices to be innately safe. However, “SMiShing” attacks (phishing via SMS) have rapidly increased over the past few months, with large retailers such as Best Buy, Target and Walmart being used as primary hooks. Within the past two weeks alone, I have received two various SMS messages stating something like:

Your entry last month has WON! Go to the following URL and enter your winning code: 1122 to claim your FREE $1,000 Best Buy gift card!

This SMS is an example of a recent SMiShing message I received. Viable/real SMS from a brand for a contest or other communication should always come from a registered 5-6 digit shortcode that you have previously opted-in to receive messages from.

Luckily, I knew something was suspicious given I had not entered any sweeps recently. But, what about “new to mobile” customers or those who entered a sweeps that coincidentally your organization may be awarding a $1,000 gift card? There are a few steps we can take to treat SMS spam as we’ve learnt to treat potential email spam:

Address Personal Information Concerns
Stress to customers your organization and partners value and protect personal information by implementing appropriate security and safety measures. SMiShers do not build lists by tapping into the brand’s mobile number opt-in database, it’s typically completely random. They will acquire lists of phone numbers from anywhere they can or generate them randomly via computer. Only when someone clicks or responds will they know if they have a viable mobile number from their master list.

Be Transparent
If you’re running a sweepstakes, official rules always include information regarding how the prizes will be awarded. In addition, show customers examples of messages they will be receiving from you or place a greater emphasis on the information by highlighting it in the creative or other placed besides the rules, which few seldom read.

Provide Educational Response
Actively promote that customers should never click on links or respond to text messages unless it comes from your short code. If customers do reach out to express concern, they often do so via email or social media channels. Have educational communications prepared to quickly respond to their concerns, such as:

Your personal information is secure with our organization through the appropriate security measures. We notify all winners via the following channel and unfortunately the message you received was not from our organization and is a “SMiShing” attack. We advise you do not click on the link or respond to the message and instead, call your service provider to request the number (often not a short code) be blocked from delivering messages in the future. In addition, submit a report to the Better Business Bureau.

By following the steps above to be proactive, you can ensure advancement within the digital space will be more successful and encourage customers to continue to participate in your mobile programs.

This entry was written by Elizabeth Huebner and posted on June 13, 2012 at 12:16 pm and filed under Mobile Marketing with tags Mobile Marketing, SMS, sms phishing. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Both comments and trackbacks are currently closed.

The Lunch Pail: A Digital Marketing Blog