Why you should not click on links you receive by SMS

Scam calls keep increasing and fraudsters are using different methods to get money from you. Their latest scam is that they are sending texts appearing to be from the Tax Department. They ask you to click on a link and take you to a fake government page where you are asked to input your credit card details so that they can give you a refund. Never click on links received by SMS and always verify any request by visiting the official webpages.

Here is an example of the spam messages currently being sent out:

This type of spam is called Smishing. It is a practice widely used by fraudsters by pretending to be a reputable company who send you an urgent SMS. Upon clicking on this link, you’ll be redirected to what appears to be the website of the reputable company when in fact it is a fake site set up to steal your credentials. Many companies including GO have issued warnings about this scam and this week the Malta Police force have also issued articles and further information on how to prevent getting scammed.

Besides this, we’d also like to let you know about another type of SMS attack. When one clicks on the fraudulent link in the SMS, there is also the possibility of being infected with a malware (software designed to damage or gain unauthorized access to your device) called Flubot. This will auto install the malware in your device and start sending SMS’ without your knowledge. You’ll end up with your credit depleted in a few minutes or receive a much higher bill than usual at the end of the month when it’s too late.

Another type of spam is when you receive a call from a person who is pretending to be GO staff. The caller states that he is giving a refund on your bill and asks you to download a remote access app on your phone which will give them complete access to your device. GO staff will never ask you to access your device.

We are trying to protect our customers from similar scams by raising awareness on this topic. It is important that if you receive an SMS with a link/URL to a website, do not click on it. If you’re not sure, always visit the official company’s website from a separate device and proceed from there. Credentials and personal information should not be given out to third parties for any reason whatsoever.

We are also aware that many clients are receiving calls from what appears to be a local number asking them to input eID details. This is also a scam and such instructions from unknown callers should be ignored. If you receive these types of calls, block the number from your phone or delete the thread completely.