Text messaging is a handy tool for communication, helping us to stay connected. But this convenient mode of communication can also be a breeding ground for scammers, who use deceptive tactics to trick us into giving out personal information or clicking on malicious links.
What is ‘Smishing’?
‘Smishing’ is a combination of the words ‘SMS’ and ‘phishing’. It’s a type of cyber-attack that targets individuals through text messages.
In a smishing attack, cybercriminals send deceptive text messages to lure victims into sharing personal or financial information, clicking on malicious links, or downloading harmful software or applications.
Identifying and protecting against smishing scams
Here are some tips to protect yourself against smishing scams.
- Communication channels
How have you been contacted? We’ll only contact you via phone, SMS, email or post (depending on your communication preferences). For external apps, we will only send you messages from our official accounts if you contact us on those platforms first.
- Suspicious number or address
Does the sender's name have “From ahm”? We don’t use “From” as a first name. One of the first signs of a potential scam is a strange or long phone number from the sender. Scammers use phone numbers from other countries or employ spoofing techniques to disguise their true identity, so it’s difficult to track them down. Scammers might also spoof ahm’s common phone numbers to try to convince you that you’re receiving a call or message from us.
- Spelling and grammar
Notice poor grammar or typos? Genuine communications from us will have correct spelling, grammar, and formatting.
- Unsolicited attachments and links
Are there any unsolicited links, photos, or files? What is the message about? Scammers can embed malware (malicious software) in attachments, which can be downloaded onto your device when you open them. Messages from ahm will always be about your relationship with us. This can include your health insurance policy, other types of insurance, claims, account matters, health-related services or ahm partner offers.
- Message tone and urgency
Is the message threatening? Is there a sense of urgency? Are you being offered something that seems too good to be true? We’ll never contact you to demand money, ask for the password for your ahm account, your sensitive information, or call you outside our business hours unless we’ve set this up with you. (Keep in mind though that if you have previously placed a security question or PIN on your ahm account, we’ll use this to confirm your identity every time you contact us.)
Scammers also often create a sense of urgency by pressuring you to act quickly and make decisions without thinking clearly.
- Unrealistic discounts
Scammers sometimes offer good deals on health insurance or other health services to lure in people who are trying to save money.
- Impersonation
Scammers can go to great lengths to gain trust by impersonating legitimate companies or people you may know. They may even insert themselves into your existing chat history so it looks like the text actually came from us. This can happen when a scammer uses the sender name “ahm” and spoofs our number so that your phone groups the spoofed SMS with legitimate messages you previously received from us.
Spotting a smishing attempt: a Medibank scam example
Here's an example of a real smishing message that recently impacted Medibank. ahm is part of the Medibank Group.
The person who received this message has been asked to click on a link to “verify Medicare” for rebate. The first message with the verification code is a legitimate message from Medibank, so it looks like the following message could be too. But looking closer at the second message, you can spot the red flags:
Grammar and punctuation: this message has grammar and punctuation errors throughout. Genuine communications will have correct spelling, grammar, and formatting.
Addressing the receiver: we don’t begin our communications with “From ahm” or have “From ahm” as our sender name.
Suspicious link: the message contains an unsolicited link that does not go to the Medibank website. It could lead to a fraudulent website designed to steal your information.
Similar smishing scams to look out for
- Expiring insurance policy scam
"Your healthcare insurance policy is about to expire. Click here to renew."
The aim of this message is to create a sense of urgency and fear, prompting you to click on the suspicious link without thinking. Scammers use phrases like "urgent action required" or "your policy will be terminated" to manipulate you and rush you into making a mistake.
- Refund scam
"You are eligible for a refund on your healthcare insurance premiums. Click here to claim your refund."
Scammers often entice you with the promise of a substantial refund, hoping you'll overlook the red flags and click on the malicious link. Remember, if something sounds too good to be true, it probably is.
- Identity verification trap
“We need to update your healthcare insurance information. Please reply with your date of birth and credit card number to confirm your identity.”
The aim of this message is to trick you into revealing sensitive personal and financial information by posing as a legitimate healthcare provider.
How to take action
If you’re concerned about whether a message is from us or not, get in touch with us directly.
If you ever feel unsafe online, file a report at ReportCyber.
To help others spot new and emerging scams, report to Scamwatch.