Just 18% of people could spot the fakes from 10 scam emails and texts they were shown: Would you outsmart the con artists?
- TSB showed 2,000 people 10 real messages and 10 fake ones
- A quarter spotted all the fakes pretending to be from a bank, but 37% would click
- Figures come as thousands of fake emails and texts have been reported to the police over the last few months – we show what to look out for
Fewer than a fifth of people bombarded by fraudulent emails and text messages from their bank, mobile phone provider or another company would always recognise them as scams, research suggests.
High street bank TSB showed 2,000 people 20 emails and texts, half of which were fraudulent, and found only 18 per cent correctly spotted all 10 scams.
A slightly higher 25 per cent of those surveyed correctly identified all the messages purporting to be from their bank, but an even higher 37 per cent would respond to one of those messages, either by following a link or calling a phone number in the message.
Examples of two of the 10 fraudulent text messages TSB showed to a group of 2,000 people. Just 18% were able to correctly identify all of the fake messages
These phishing links, delivered by email or in so-called number spoofing smishing scams where fraudsters copy a bank or other legitimate company’s phone number to appear alongside real messages, are designed to capture people’s details.
Stolen personal information can be used for the purpose of identity fraud, while fake webpages can be used to harvest people’s payment and bank details which can directly leave their money in harm’s way.
More than a third of those surveyed correctly identified scam messages from mobile companies or the likes of Amazon or Apple, but younger people were less likely to spot the scams. Just 9 per cent of 18-34-year-olds identified all 10 fraudulent messages.
The results are concerning given that the coronavirus pandemic has led to people in the UK being deluged with fake messages from fraudsters.
|Age group||% which correctly spotted all 10 fraudulent messages||% who would respond to at least one message from their ‘bank’|
This is Money and our sister titles have reported on how everything from the NHS contact tracing system to Tesco have been spoofed by scammers over the last few months in the hopes of tricking people into handing over their details.
There had been more than 12,000 reports of coronavirus-related phishing emails made to the UK’s fraud reporting service Action Fraud as of 12 June, a figure which will have increased over the last month.
Emails and texts pretending to be from the taxman have long been a blight on the lives of Britons, but the coronavirus has seen a surge in phishing texts offering recipients emergency tax refunds due to the coronavirus
This message pretends to be from Apple. Following the link would likely lead to you giving away your Apple username and password
And with coronavirus-related fraud making up less than 2 per cent of all scams reported to Action Fraud, there have almost certainly been thousands more phishing attempts over the same period.
TSB’s head of fraud, Ashley Hart, said: ‘Fraudsters are becoming increasingly clever in using technology such as text messages to impersonate banks and other companies, all to trick people out of their hard-earned money.
‘Our findings show how convincing these messages can appear, and highlight a worrying proportion of people who could be caught out.
‘The emotional and financial impact of fraud can be devastating – which is why we reimburse all our customers should they ever fall victim and invest in partnerships with police forces to hunt down the criminals behind these attacks.’
Phishing links take victims to fake webpages designed to harvest their personal and payment details. These are often used either to steal money outright or commit identity fraud with stolen details
How to spot a smish
Smishing scams can sometimes be hard to spot, especially if fraudsters spoof real phone numbers so that fake text messages appear alongside legitimate ones.
For phishing emails, always check the address. While the display name may claim to be from the likes of ‘Amazon customer service UK’ or ‘PayPal UK’, the chances are the email address will either have typos in it or be completely different to the company it is claiming to be from.
One recent phishing email claiming to be from ‘Service@PayPal.com’ was actually from the address ‘e4kzaeke5f3um1z-bu6gkabotciz07ku@btrg522l-78300618. tech’.
Some of the warning signs to be aware of that can help you spot a fake text message or email
But although at first glance they can be hard to spot, there are some tell-tale signs that can make it easier for you to notice when a message isn’t real.
- Links in text messages. Banks don’t use them, so never click on a link in a message claiming to be from your bank. When it comes to messages from other senders, be very careful, and double-check the message is legitimate by finding the company’s official webpage and logging in that way, or contact its customer services.
- Typos. Phishing texts and emails are often riddled with typos, so be on the lookout for those. Many either miss words out or mis-spell them, or use the wrong punctuation. In one example shown to those surveyed by TSB which you can see above, the ‘£’ sign was missing and there was a ‘,’ used instead of ‘.’ in a pricetag.
- Phone numbers. Be very careful never to ring a number given to you in a suspicious email. Double-check it’s correct by looking on a bank or other company’s official website.
- Urgency. Fraudsters always try to rush you, so fraudulent messages usually tell you that you need to take urgent action – either to stop a loss or to claim money. Genuine companies don’t rush you. Slow down, and don’t rush into making a mistake.
If you’ve received a phishing email or text message, you can report it.
Most banks have forwarding services where you can flag suspicious-looking messages, and HMRC launched a similar service a few months ago after people were targeted with messages about fake tax refunds.