4 best practices to protect your customers from SMS scams

4 March 2022

With recent bank scams on the rise, customers are getting more vigilant about spotting fake links and SMS messages that could lead to their entire savings being wiped out in minutes. However, scammers are getting scarily ingenious with spoofed SMS messages that are almost identical to the real deal. From realistic looking SMS headers to messages with claims of suspicious activity and card suspension warnings, all it takes is one mistake to land both the business and their customer in a lose-lose situation.

To prevent your customers from being exploited by fraudsters and maintain their confidence in your business’s security measures, we recommend using the four best practices listed below:

1. Remove hyperlinks and/or phone numbers from SMS messages

This works by completely removing the risk of your customers accidentally clicking on, or being unable to identify a real versus fake link. Simply remove the call to action from SMS messages and request your customers to log in directly on your business’s original app or website.

2. Use two-factor authentication in your login flow

Two-factor authentication (2FA) works by validating the identity of the user through an additional layer of authentication via SMS OTPs, secondary emails or authenticator apps, etc. Making 2FA compulsory is like adding a biometric lock to your house which already has a traditional lock – even if the fraudster has your key, they will have a hard time figuring out the passcode to your secondary lock. This decreases the likelihood of fraudsters finding ways to compromise customer accounts using stolen account credentials.

3. Educate your customers on how your business enforces security

Let your customers know how your business will usually communicate with them. For example, letting them know that your business will never include URL links (or use shortened links and links with different spelling) or contact them about fraudulent transactions and account risks via SMS messages. This way, if your customers were to receive a realistic looking SMS containing a link or claims of their account being hacked, they will immediately know that something is wrong with the SMS itself.

4. If adding links in SMS, keep your customers aware of what to expect

Both the business and its customer base should maintain vigilance and utilize safe digital security measures to prevent frauds. If adding URL links is necessary in SMS messages, businesses should educate customers on the exact URL address to look out for. Giving them a checklist of authentic details in your business’s landing page will also serve to help customers spot the difference between a spoofed webpage versus your business’s authentic page. Be it for promotional or other communication purposes, businesses can let their customers know in advance when they will receive an SMS and what to expect in it.

Bottom Line

By applying these best practices, you can prevent your customers from falling easy prey to SMS scams. Prevention is always better than having to deal with thousands or millions of dollars lost to fraudulent transactions. Use these tips to prevent scams from happening in the first place. By showing your customers you care about protecting their self-interests, you will gradually gain a more loyal customer base.