'No Bank Will Send SMS With Sense Of Urgency...' Says Airtel Digital's Business Head On Message-Based Smishing Attacks | Jagran Interview

Smishing News: Cyber attacks have been on an unprecedented rise in India in recent years. Worsening this situation is the misuse of advanced technology by cybercriminals to plant sophisticated attacks. One such prevailing cyber threat is smishing. To understand more about this cyberattack, we sat down with Abhishek Biswal, Business Head - Digital Services at Airtel Business.

Here are brief snippets from the responses shared by Biswal during the interview.

Q: In recent times, what are the most common forms of smishing in India?

Rapid digitalisation is a factor in increasing fraud susceptibilities. Smishing has become a common practice as more and more banking services continue to be used digitally. A smishing attack is a combination of SMS and phishing that uses deceptive text messages to trick people into giving away personal information or clicking on malicious links.

Also Read: Govt Warns Of 'Smishing' Attack That Tricks Users Into Revealing Confidential Data; What Is It, How To Stay Safe?

Cybercriminals do this by crafting messages that are very similar to messages one would receive from banks. The sender IDs used in this process are also close to the ones used by real banks, ensuring it does not become privy to suspicion.

Smishing is a mix of SMS and phishing that uses deceptive messages to dupe people. (Image:Canva/TimArbaev from Getty Images)

For example, 100 per cent of new bank account openings in rural India are now digital. Likewise, transactions, loan requests and other financial services are now increasingly completed online. As more customers switch to digital banking, more customers are increasingly becoming susceptible to scams.

How can a recipient identify a misleading message aimed at smishing?

Messages planted with the aim of smishing are becoming increasingly difficult to identify and authenticate for the layperson given how fraudsters are now using advanced techniques and near-identical message formats. 60 per cent of respondents in a recent study by a leading security firm said that they could not tell the difference between a fraud and a real message from the same bank.

That said, everyone should be vigilant of SMSs demanding time-sensitive actions and confidential information like account passwords. Recipients of such messages should pause and deal with them cautiously. If possible, contact the bank or your bank's relationship manager to cross-verify the details. One should scrutinise such messages and respond only after confirming their authenticity.

Q: Do you believe the most sophisticated smishing apparatus holds the potential to dupe people who are technologically aware of popular scams?

Fraudsters are leveraging advanced technologies to develop fraudulent messages, which makes them appear credible and much more convincing. This has made it nearly impossible to tell the difference between a scam SMS and an authentic communication from the bank.

Plus, attackers are using AI to not only construct messages but also identify customers who can be attacked easily. They easily create virtual numbers via numerous apps and send and receive texts. If a certain phone number is flagged for spam, fraudsters simply recycle it online and use a new one.

Q: Beyond financial, what are the damages smishing may do to a victim?

Smishing can inflict significant non-financial damages. Victims may experience emotional distress, anxiety, and a loss of trust in digital communication channels. For businesses whose names are misused, it may cause loss of customer trust and have long-term implications.

Moreover, falling prey to smishing can compromise personal information, leading to identity theft and potential reputational damage. The psychological impact of being deceived and manipulated in this way can be profound and long-lasting, highlighting the need for awareness and vigilance in safeguarding against smishing attacks.

Q: How do these attacks exploit the security system of a targeted device? What are the technological means to patch these loopholes?

SMS remains a common communication channel on smartphones and feature phones alike. The only way to protect the device is to discourage oneself from clicking suspicious links within these SMSs. Customers should only action links received from verified sources.

To stay safe from smishing, users should not click on links received from unknown sources. (Image:Canva/relexahotels - Pixabay)

We have brought together data sciences and technology to enable banks to protect their customers from getting any fraud or spam messages through A2P (application to person). Called True Delivery and Spam Shield, it is a cutting-edge solution to enable 100 per cent message delivery of customer messages while also enabling multi touchpoints as fallback options – SMS, voice and WhatsApp.

Also Read: USB Charging Scam: Do You Charge Phones At Airports, Hotels, Cafes? Govt Has A Warning For You With Safety Tips

The AI-powered solution can proactively detect, prevent, and eliminate phishing, spam, and fraud through messaging. At Airtel, we have designed our solution to address these issues by analysing message content, templates, and headers to differentiate legitimate communications from potential scams.

Q: In some cases, cybercriminals may explore emotional ways and emergency next steps to extract money. What should be the first move in this situation?

Customers should not action any message that comes with urgent time-bound actions like PIN change, KYC update, account closure etc. No bank or organisation will send messages with a sense of urgency and fear to trap the users into clicking on fake links and/or sharing OTPs.

Q: With the ongoing AI advancements, these attacks are becoming more refined. What are the possible challenges you see for the future?

Two main application of AI in this context is content creation, where malicious actors leverage language models to produce diverse content and then amplify outreach efforts. This technological advancement allows for mass messaging at an unprecedented scale, increasing the odds of success even with a small conversion rate.

Our product is designed with a clear objective: to block any information or communication that originates from sources other than the bank. By implementing this approach, we aim to learn from these blocks and assist banks in eradicating smishing attempts effectively.

Some of the other features of the solution include - customised voice OTP, a unified toll-free number and an updated data bank to prevent wrong numbers apart from detailed analytical that are transparent. We help banks overcome challenges like incorrect contact numbers and lack of security of customer data.

Also Read: India Recorded 79 Million Cyber Attacks In 2023: Report

Falling prey to smishing can compromise personal information. (Image:Canva/anandaBGD - Getty Images Signature)

Q: One master tip and three quick suggestions to stay safe from smishing in India for enterprises and customers.

I would like to encourage everyone reading this to be vigilant when they receive any SMS from an unknown number. Do not action anything especially if the SMS requests an urgent next step. Moreover, recipients should:

- Verify the sender

- Not share sensitive information via online protocols

- Connect with the bank for verification of the information