Many people could be vulnerable to a fraud attack by failing to spot the warning signs that a message appearing to be from a legitimate company is actually a scam, research from TSB suggests.
Less than one in five people were able to identify all messages which were bogus in an experiment conducted by the bank.
TSB showed 2,000 adults across the UK a series of 20 emails and texts from third parties, such as banks, and mobile phone providers – 10 of which were genuine communications and a further 10 of which were imitating companies.
Just 18% of people who took part were able to correctly identify all 10 dodgy messages.
Ashley Hart, head of fraud at TSB, said: “Unfortunately, fraudsters are becoming increasingly clever in using technology such as text messages to impersonate banks and other companies, all to trick people out of their hard-earned money.
“Our findings show how convincing these messages can appear, and highlight a worrying proportion of people who could be caught out.
“The emotional and financial impact of fraud can be devastating – which is why we reimburse all our customers should they ever fall victim and invest in partnerships with police forces to hunt down the criminals behind these attacks.”
Signs that a message is not genuine may include spelling mistakes and links to websites that are not official.
Links that take someone to a page asking for login, account or card details are also a warning sign, as are messages that try to make people take an action urgently.
Another warning sign of messages not being genuine is announcements that an organisation would never normally make in a text message such as a tax refund, or penalty notice.
Younger adults aged 18 to 24 could be particularly at risk of falling for a scam.
Only 9% of people in this age group achieved a full score when identifying bogus messages.
Over a third (37%) of people generally indicated that they would respond to at least one of the bogus messages claiming to be from their bank, rising to two-fifths (41%) of 18 to 24-year-olds.
TSB has seen a significant spike in text message “smishing” attacks during the pandemic.
The bank has its own “fraud refund guarantee” which returns money lost by its customers when they are innocent victims of fraud.
TSB found that concerns over fraud remain high, with a fifth (19%) of people saying they are concerned that a family member could be defrauded during the coronavirus pandemic.
The bank is also encouraging people to report scams, by forwarding text messages for free to 7726, and emails to reportphishing.gov.uk.
In one case dealt with by TSB, a woman in her mid-60s, from Scotland, was reimbursed over £21,000 after receiving a convincing fake TSB text as part of a co-ordinated scam.
TSB said that, had it not provided reimbursement, the victim would have lost her entire life savings.
In another case, a man in his 30s from the East Midlands was refunded £10 after he fell victim to a fake Government text claiming to offer a tax refund due to Covid-19.
Mike Haley, chief executive of fraud prevention service Cifas, said: “Email, text and online scams are the most effective ways that fraudsters obtain financial and personal information, and these scams are getting increasingly sophisticated.
“More recently we have seen criminals increasingly using text-based scams to target people as they are comparatively cheaper and easier than phishing campaigns, as there is no need for compromised domains or malware or links.”
Three ways to spot fake correspondence
Fraudsters can “spoof” text messages to appear as if they were from a legitimate organisation. Covid-19 scams have involved fraudsters impersonating the Government, World Health Organisation and the NHS. Do not click on any links provided in text messages, and verify any telephone numbers given before calling.
Covid-19 tax refunds, refunds from travel bookings, safety advice via email and donation requests are all ways in which fraudsters could try and trick you into clicking dodgy email links, or make you part with sensitive personal and financial information.
Always stop and think about what you are being asked to do, and if you have any doubts, talk to family or friends. And do not open attachments.
Always suspect of cold phone callers. Fraudsters often claim to be your broadband provider, your bank, a charity or any organisation that could lead them to your personal information and your cash. Do not be afraid to put the phone down if you cannot verify the caller and guard your details.
Appearances can be deceptive, so if you have concerns, call the organisation directly from the number listed on their website, or if it is your bank, use the number on the back of your card.