Rs 15,000 Credited to Your Account? It Might Be a Scam – Here’s How to Tell
Understanding Smishing
Smishing, or SMS phishing, is a type of phishing attack that uses fraudulent text messages to trick you into sharing sensitive information or money. If you have a bank account, it’s essential to be aware of these scams to protect yourself.
What is Smishing?
Smishing involves receiving a fake text message designed to deceive you into providing personal data or transferring money.
“Smishing, a form of cyberattack, merges SMS and phishing. It uses text messages to manipulate victims into disclosing sensitive information or performing harmful actions. This tactic preys on human trust and emotions, using urgency to influence decision-making,” explains Sachhin Gajjaer, Managing Director and Founder of Sattrix, a cybersecurity company.
How Fraudsters Use Smishing
In a typical smishing scam, you might receive an SMS from a mobile number stating that a certain amount of money has been credited to your bank account. Shortly after, you’ll get a call claiming that the money was sent by mistake and asking you to return it to a specified UPI number.
For example: “Rs 15,000 credited to a/c XXXXX9082 on 10-05-24 by a/c linked to VPA XXXX9082 (UPI Ref No 41356463189).”
If you examine the message closely, you will often find that it comes from a mobile number, which is a red flag since legitimate banks never send such messages from mobile numbers.
“Scamsters craft deceptive messages that mimic legitimate communications from trusted entities such as banks, consultancies, or government agencies. These messages create urgency or fear to prompt immediate responses, compelling recipients to click on malicious links, share personal data, or download malware-infected attachments,” says Gajjaer.
How to Identify a Scam SMS
According to Reserve Bank of India (RBI) guidelines, banks must use a registered sender ID for sending SMS alerts. This sender ID should be a six-character alphanumeric code representing the bank’s name, such as HDFCBK, ICICIB, or SBINNN, not a random or generic number like 567678 or 909090.
Pradeep Janardanan, Director of a foreign bank in Bengaluru, notes that scamsters often use personal mobile numbers to send SMS messages. In contrast, banks follow a standard SMS format to notify customers about transactions. This format includes:
- Sender ID: The bank’s code
- Date: The transaction date (dd/mm/yy)
- Time: The transaction time (HH)
- Transaction Type: Debit, credit, ATM, POS, IMPS, UPI, etc.
- Amount: The transaction amount
- Balance: The available balance after the transaction
- Other Details: Relevant transaction details like mode, merchant, or reference number
For example, a legitimate SMS might look like this: “[HDFCBK] 10/05/24 08:33 Debit Rs 500 Bal Rs 10,000 POS 1234567890”
Janardanan emphasizes that this format helps customers easily identify and verify the authenticity of SMS alerts.
What to Do If You Receive a Fraudulent SMS and Call
Fraudsters create a sense of urgency, often saying things like “I am at the doctor’s office and need you to return the money immediately” or “I am buying life-saving medicines.” Their goal is to make you overlook the sender’s ID, which is a regular 10-digit mobile number, not a legitimate bank’s sender ID.
Experts advise that you should always check the sender ID before taking any action based on an SMS.
“To combat these scams, individuals must scrutinize message content, verify sender details and IDs, and closely examine domains, logos, and grammar for inconsistencies. Additionally, be cautious of urgent or immediate action requests that seem unprofessional, as legitimate institutions typically communicate in a more measured manner. By staying vigilant and adopting proactive security measures, users can thwart these increasingly sophisticated smishing attempts,” says Gajjaer.
Conclusion
Staying alert is crucial to protecting yourself from smishing scams. By recognizing the signs of fraudulent messages and knowing how to verify them, you can protect your sensitive information and money. Always examine unexpected messages closely, verify their authenticity, and never let urgency cloud your judgment.
