[Article] How to avoid 'smishing'

[d3wdr0p]

Hi, I found this on iafrica and thought users might find it useful.
Be careful out there ppl

http://personalfinance.iafrica.com/s...ch/1786938.htm

How to avoid 'smishing'
Article By:
Wed, 21 Oct 2009 17:14
Bank clients must beware of criminals attempting to solicit their personal information via SMS — a theft known as 'smishing'.

"Just as we recently issued an alert to bank clients of the increase in phishing attacks, the perpetrators now appear to be increasingly soliciting client information via SMS," the SA Banking Risk Information Centre (Sabric) said in a statement on Wednesday.

CEO Kalyani Pillay said 'smishing' was a modus operandi that used the cellphone text message (SMS) to trick bank customers into divulging their personal information.

"As is the case with phishing emails, the text messages are randomly sent to cellphone users and the information provided by unsuspecting bank clients whose response to the text messages is used to defraud them," she said.

A common type of this SMS was masked as confirmation of changes in the cellphone number registered by the client as the port for their One-Time-Passwords (OTP) into a different number, Pillay said.

"It is all part of social engineering.

"The SMSs that we are seeing all seem to seek to pressurise customers to act in haste by creating some or other emergency," she said.

Pillay said bank clients had received SMS messages saying they had to reveal their OTP numbers as this was required by the police to verify the bank accounts attached to customers' mobile phone numbers.

Other messages informed customers their OTPs had been changed.

"It's only natural that anyone will be concerned to learn that their details have been changed with their financial institution without their permission, and for that reason people are likely to respond positively to the smishing attacks by calling the telephone numbers listed on the SMS," Pillay said.

"What the unsuspecting bank clients are not aware of is that the person on the other end of the line is not a bank official, but a fraudster wanting to steal their personal information," Pillay said.

She said bank clients should contact their banks immediately if they were uncertain about how to respond to any messages they had received via any communication channels that purported to be from their banks.

"Sabric reminds bank clients not to provide details such as passwords, PINs and card details over the phone; neither should they respond to emails and SMSs requesting their details."

If there was a need to contact the bank when receiving a message that purported to have come from it, the client should only use telephone numbers supplied when the bank account was opened.

Pillay emphasised that no bank would ever ask clients to confirm or update their account details via email or SMS.