Listen to this article |
Analysts at Dojo, who provide secure payment solutions, have revealed the TOP 15 brands most used in smishing SMS scams by fraudsters.
With more people relying on online technologies, there’s been more opportunity for scammers to impersonate popular brands and target those who use text messages to update their customers.
The most commonly impersonated brands by smishing scammers, based on Google search data
Ranking |
Brand impersonated by scammers |
Average Search Volumes per month |
% Search Increase (12 months) |
1 |
DPD |
4,400 |
-76% |
2 |
Amazon |
3,600 |
654% |
3 |
Paypal |
3,600 |
421% |
4 |
Post Office |
3,600 |
-80% |
5 |
Santander |
2,900 |
177% |
6 |
Hermes |
2,900 |
-95% |
7 |
DHL |
1,900 |
-66% |
8 |
FedEx |
1,900 |
-84% |
9 |
UPS |
1,300 |
0% |
10 |
Royal Mail |
1,300 |
-91% |
11 |
EVRI |
880 |
400% |
12 |
Monzo |
720 |
84% |
13 |
NHS |
720 |
-19% |
14 |
Apple Pay |
590 |
1,285% |
15 |
Barclays |
480 |
-19% |
DPD is the most Google searched for SMS scams
Google search data reveals that SMS scams around DPD are the most commonly searched, with 4,400 Google searches per month. DPD may be the most targeted by scammers due to the nature of their service, handling and delivering customer’s packages, so it may seem reasonable to ask for, or confirm, customer order details by text in order to deliver items.
Interestingly, the research named Royal Mail as the most likely brand to be impersonated in 2021 with 30,200 monthly searches. According to KeywordTool, this has significantly dropped over the last 12 months with a -91% decrease in searches, relating to scams from Royal Mail, dropping the brand to tenth place on this list in 2022.
Amazon, Paypal, Post Office and Santander round off the top five
Amazon is the second most likely brand to be impersonated by scammers. The e-commerce business has climbed significantly in this ranking compared to 2021. The brand has seen a 654% increase in searches and 3,600 monthly searches for scams compared to 650 searches per month in 2021, according to Keyword Tool.
The study also reveals that ‘Paypal SMS scam’ is still prevalent, only dropping to third place in 2022, with a staggering 421% search increase over the last 12 months. Recently, there have been multiple Paypal SMS scams, including one that could see people having their bank accounts emptied.
Despite seeing a decrease in searches compared to the previous year, in fourth place is the Post Office with 3,600 monthly searches. The scam texts have included a parcel delivery that has failed and asking recipients to click a link to book or reschedule a delivery.
Finally, Santander rounds off the top five with 2,900 monthly searches and a 177% increase in searches over the last 12 months. Customers have been sent SMS scam texts encouraging them to update their banking details or log on to their accounts in an attempt to gather personal information.
The SMS scams that have increased the most over the last 12 months based on %
Ranking |
Brand impersonated by scammers |
Average Search Volumes per month |
% Search Increase (12 months) |
1 |
Revolut |
390 |
9400% |
2 |
Apple Pay |
590 |
1285% |
3 |
Amazon |
3600 |
654% |
4 |
Paypal |
3600 |
421% |
5 |
EVRI |
880 |
400% |
6 |
Santander |
2900 |
177% |
7 |
Monzo |
720 |
84% |
8 |
HMRC |
320 |
50% |
9 |
Virgin Media |
90 |
29% |
10 |
UPS |
1300 |
0% |
The study also looked into which brands had been impersonated the most by scammers over the last year. It revealed that there has been a significant increase in Google searches for smishing texts from payment brands including Revolut, Apple Pay, Paypal and Santander over this time period.
Fraudsters appear to be targeting Revolut, a popular app-based bank, with searches for smishing scams around the brand increasing the most over the past year, by 9,400%. Specifically in August this year, there was a prevalent scam where fraudsters sent SMS messages attempting to trick customers into sharing their personal details.
Apple Pay was the second most targeted brand by smishing scammers over the past 12 months, with a 1,285% increase in searches. The latest SMS scam tells recipients that their Apple Pay has been suspended and that they need to follow a link to reactivate the account.
With a 654% increase in searches over the last 12 months, Amazon is the third most targeted brand by fraudsters. Amazon has been subject to a variety of smishing texts including fake reports of suspicious activity on your account or fake information about shipping delays or package arrivals.
Although customers are becoming wiser to smishing texts, scammers are becoming more advanced and their fraudulent texts and emails aren’t always so easy to spot.
Although customers are becoming wiser to smishing texts, scammers are becoming more advanced and their fraudulent emails and texts aren’t always so easy to spot.
Naveed Islam, Chief Information Security Officer at Dojo has rounded up five top tips on spotting a smishing SMS:
“Scammers are getting more creative with their deceit. With the rise in e-commerce accelerated by the global pandemic, seasoned fraudsters are seizing the opportunity to exploit the vulnerable and less-tech savvy. For many people adopting technologies such as online banking and shopping for the first time during COVID-19, these frauds are incredibly convincing.
This rise is being monitored and managed by the UK police’s dedicated team, Action Fraud. But in the short-term, there are some ways consumers can protect themselves and minimise their risk of digital fraud. We’ve outlined a few tips for people receiving fake ‘smishing’ texts below”:
-
Check if you were you expecting a message from that company
Always check your latest correspondence with the company and get in touch with them if you’re not expecting any messages. Whether you’re unsure, or you’re totally convinced that you’ve received a scam text pretending to be a company, reach out to that company to inform them and seek further information.
To be safe, if you receive a text or email, don’t click on any links. Instead, go on the official website of delivery companies to track your parcel. We’ve listed the official websites of major delivery companies below:
DHL – track a parcel, Royal Mail – track your item, DPD – tracking service, Hermes – track your parcel, Yodel – parcel tracking, UPS – track a parcel
-
Check you have signed up to receive sms messaging from that company
When you sign up to a company they will always ask for your permission to receive sms messages from them. So before clicking on any link in a suspected fraud text message, always check this first.
Whether it’s clicking a suspicious link or providing your personal data, you should take some time to review the text and research its legitimacy before taking any actions.
If you’ve already clicked the link, check the URL straight away and do not login anywhere as scammers can capture your details to take over your account.
-
Check the text is from a number you recognise – Google the number before opening
Scammers can spoof phone numbers pretending to be from your local area code, or even a number that you know, so always Google the number if the text you receive is suspicious in any way.
In a scam text message, their goal is often to convince you to click a link. Scammers thrive from creating a sense of urgency and panic from the recipient. They will use scare tactics or threatening language to make you rush into doing something.
-
Check for poor spelling and grammar, or mistakes to the company’s name
Although some fraudulent texts are highly sophisticated, many of them can be poorly worded. Check the spelling and grammar for some tell-tale signs that they may not be legitimate. -
Never input sensitive data from SMS messaging links
If you do suspect that you’ve been sent a smishing text, do not click on the link at all. Scammers often include malicious links and once opened allow them to access anything on your phone.If you accidentally click on the link in your text, do not provide your private information (user ID, password, payment card details) to that website.
If you accidentally click on the link and provide private information, you should change your passwords immediately and alert your bank who issued the payment card immediately. Continue to check your bank accounts regularly to make sure no money has disappeared. It’s always better to be cautious and vigilant when dealing with online security.
Phone providers allow you to report suspicious text messages for free using the shortcode 7726. If you forward a text, your provider can investigate the origin of the text and take action, if found to be malicious.
For more information and advice on online fraud, visit the Action Fraud official website.
Read Next
Spotted something? Got a story? Send a Facebook Message | A direct message on Twitter | Email: News@Deeside.com