You, now anxious over the possibility you’ve been a victim of fraud respond ‘no’. Then, almost immediately, your phone rings.
This is a situation becoming more and more common over here in the UK, as scammers engage in more sophisticated forms of smishing.
The caller ID reads HSBC, and the person on the end says they are from the fraud department and need to ensure you are who you say you are, instead of a scammer, to secure your account.
The call sounds highly believable. The person on the other end sounds professional, you do have a bank with HSBC and the timing of the text message and the call feels right.
But it’s a scam.
You’ve probably heard of the term “smishing”. It refers to phishing scams sent through SMS messages, hence its deceivingly whimsical title. These scams typically attempt to steal personal information, including links to sites spoofing popular banks.
The scam above is a different, hybrid form of smishing. Where linkless text messages about suspicious activity or bank transfers are used as a pretext to call and scam users that respond via text.
Historically, fraudsters using this method have used the phished information to set up new financial accounts in the victim’s name, which are then used to wire transfer stolen funds.
In cases like this, it’s critical to remember the golden rule. If it feels suspicious, it’s probably illegitimate. Your bank will never text you about emergencies like potential fraud. They will never ask you to share account details like User ID, password and memorable information.
If in doubt, do not stay on the call or put them on hold. Hang up the phone, and follow up via official channels.
The same is true of spam/ suspicious email or unsolicited text messages. If you're in doubt, do not respond. Follow up via established, secure channels. HSBC also have their own page which lists what SMS messages/ calls they will give you, versus those they won't which are likely to be scams.