SMS Scams over the Holidays: Ready, Set, GO.

In the last year, global e-commerce has jumped to over $26.7 trillion, accelerated by COVID-19 according to United Nations UN News. It all sounds like great news for the economy, however fraudsters are following this upward trend and adapting their scams.

With the holidays and gift giving season approaching, more online shopping and package deliveries for consumers also means more opportunities for scammers to get information.


What is SMS Phishing?

SMS Phishing (also known as Smishing) is the act of committing text message fraud to try to lure victims into revealing account information or installing malware. Similar to Phishing, cybercriminals use SMS Phishing in an attempt to steal credit card details or other sensitive information, by disguising as a trustworthy organization. SMS Phishing has grown in popularity with cybercriminals now that smartphones are widely used, as it enables them to steal sensitive financial and personal information without having to break through the security defenses of a computer or network while also attracting considerably higher open rates than email. According to, while email recipients only open about 20% of their messages, SMS recipients open 98% of their texts.

“On a small screen and with a limited ability to vet links and attachments before clicking on them, consumers and business users are exposed to more phishing risks than ever before,” says IDC’s Phil Hochmuth.

Examples of SMS Phishing

  • Fake shipping notifications: Many delivery scams start with a text message about delivering a package to your address, according to the Better Business Bureau. These messages often include a “tracking link” that you are urged to click in order to update your delivery or payment preferences.
  • Phony bank account balance warnings: A link to a website prompting for a bank account number or PIN of a debit card.
  • Fake text from the IRS or Power company: Saying you owe unpaid taxes and that the IRS will arrest you if you don’t pay now via a link.
  • Fake Prize notifications: Requesting personal information to deliver the reward.
  • Bogus Covid-19 contact tracing messages: Requesting Personal information.

Combating the threat of fraudsters

Companies are aggressively looking for ways, including authentication and fraud detection solutions, to simultaneously streamline authentication and strengthen security. A “State of Intelligent Authentication and Fraud Prevention 2021” survey conducted by Opus Research revealed that “customer authentication [across all channels] has a direct impact on fraud detection and fraud prevention,” with a rare 100% of respondents agreeing or strongly agreeing with the statement.

Clearly, decision makers are coming around to acknowledging the link between strong authentication and fraud-loss prevention. When asked about which authentication and fraud detection methods they use, organizations report a wide range of strategies and factors (graph below).


SMS scam blog

While PINs/Passwords are still the most common factor in use, respondents also incorporate other factors including out-of-band delivery of one-time-passwords, knowledge-based authentication via security questions and voice biometrics.

How to Protect yourself: Tips for Identifying Scammers

  1. Do your research to double check the details. If you get an unexpected sms text from a delivery company, or bank, look up the bank, agency or organization and get in touch directly, without using any contact information in the SMS text.
  2. Claim a prize: No legitimate lottery, sweepstakes, or business will ask you to pay to claim a prize or ask for your bank details to deposit your “cash prize”.
  3. Beware of urgent texts: “Attention. Fraudulent activity has been detected on your account. Act Now.” Scammers often create a sense of urgency to bypass your better instincts. Take your time and ask questions to avoid being rushed into a bad situation.
  4. Refund owing to you from a retailer: Notifications involving money owed “Our records show that you overpaid for (a product or service). Kindly supply your bank routing and account number to receive your refund.” Again, don’t click on the link, check with the source.
  5. Never verify passwords via a text: Any text that attempts to verify your Apple ID / Amazon account / Bank account is suspicious.

What can you do if you receive these messages:

  • Report spam texts to the FCC and your carrier—Report as junk or spam. You can also contact your cell phone carrier to report as spam and file a report with the Federal Trade Commission at
  • Stay alert—Don’t click on any links, as they can install malware on your device, which collects your personal information.
  • Ignore spam text—Directly replying to a spam text message lets a spammer know that your number is genuine. What happens next? They can sell your phone number to other spammers who might bombard you with promises of free gifts and product offers.

Finally, keep in mind fraudsters are continuously evolving and adapting their strategies, so most of all, be aware and be safe, especially this holiday shopping season.



The Aculab blog

Cloud news, views and industry insights from Aculab

  • Choosing The Ideal Communication Platform: Key Considerations to Optimise Your Business

    Communication Platforms as a Service have become a necessity in the current digital age; allowing businesses to obtain frictionless means of communicating effectively. However, as technology rapidly evolves, so must communications. Much of the platforms on offer today are homogenous, so choosing the best fit for your business can be difficult. In this blog, we have shared some key points and trends for to consider, so your business can amplify communications and increase operational efficiency!


    Continue reading

  • 3 Ways Your Business Can Benefit From a Communications Platform as a Service

    Acquiring a Communications Platform as a Service has become a very common trend for a variety of businesses in recent years. Even with AI and all the technological advancements that have been achieved, the world has come to realise that exceptional customer service is at the core of running and maintaining a successful business. So, we have identified a few ways in which a CPaaS could benefit your business!

    Continue reading

  • The Future of Communications: React Native SDK from Aculab

    Having access to quality, and trust-worthy digital communication platforms is essential in the contemporary business world. That’s why here at Aculab, we have employed the use of React Native – integrated into the WebRTC browser interface, we provide bespoke, human-centered, voice and video communication options

    Continue reading

  • 3 Ways Cloud Voice & Messaging Save a Business Time

    When we think of business voice call technology, we often imagine traditional phone calls, placed by a person with hundreds of calls on their list. Advancements in voice technology, particularly driven by the cloud, have changed the way we approach such situations.

    Continue reading

  • 4 Uses of CPaaS to improve Healthcare services

    The healthcare industry is a constantly shifting marketplace, with new technologies evolving on a regular basis. However these changes tend to be behind the scenes; until the COVID-19 pandemic very little had changed in terms of how doctors and medical staff interact with patients. Now healthcare providers are playing catch up to create pandemic and futureproof communication models. For many, a CPaaS solution is their salvation.

    Continue reading