Smishing: When a Simple SMS Can Empty Your Bank Account

“Your bank account will be blocked today.”
“Your parcel is on hold. Click here to update details.”
“Congratulations! You’ve won a cash prize. Click here to claim.”

If you’ve received messages like these, you’ve brushed dangerously close to smishing.

What Is Smishing?

Smishing is a cyber scam where fraudsters use SMS messages to trick people into clicking malicious links or sharing sensitive information such as OTPs, PINs, or bank details. Because SMS feels personal and urgent, many people react without thinking—and that’s exactly what scammers count on.

Case Study: MNGL Smishing / Fraud Case

Cybercriminals posed as officials of Maharashtra Natural Gas Limited (MNGL) and sent fake SMS, WhatsApp messages, or made phone calls claiming pending gas bills or imminent disconnection.

Victims were asked to click links, install fake apps, or share details to “update” or “pay” bills. This led to unauthorised access to bank accounts and significant financial losses, especially in Pune and nearby areas. Senior citizens and busy professionals were among those targeted.

MNGL later issued public warnings, filed police complaints, and advised customers to use only official payment channels and never act on unsolicited messages.

Why Smishing Works So Well

• SMS messages are read almost instantly

• They create panic or excitement using words like “urgent”, “last chance”, or “account blocked”

• They impersonate trusted entities such as banks, courier services, government departments, or well-known brands

A single careless click can lead to:

• Financial fraud

• Identity theft

• Account takeover

• Malware installation on your phone.

Decoding SMS Headers in India

In India, SMS communication is regulated by TRAI through the DLT system. Genuine organisations send messages using registered Sender IDs, not random mobile numbers.

A typical SMS header may look like:

VM-SBIINB-S

How to read it:

Prefix (VM / VD / VA / AX)
VM, VD indicate service or transactional messages such as bank alerts, OTPs, and delivery updates
VA, AX indicate promotional or advertising messages such as offers, sales, and loans
Promotional prefixes are more commonly misused for smishing

Sender Name (SBIINB)
This identifies the registered organisation, for example State Bank of India

Suffix (S)
This indicates the telecom routing circle such as South, North, East, or West
It does not confirm authenticity and is only a routing indicator

Summary of Risk Level by Prefix

• VM – Transactional / Service – Low risk

• VD – Transactional / Service – Low risk

• VA – Promotional – High risk

• AX – Promotional / Bulk – Medium to High risk

• JK – Government / Institutional – Usually safe

Do Service Providers Warn You About Spam?

Yes. Indian telecom service providers and SMS apps actively try to protect users. You may see:

• Messages labelled “Suspected Spam”

• SMS moved automatically to a Spam folder

• Warnings before opening suspicious links

These systems work under TRAI guidelines, but they are not foolproof. Some scam messages still slip through, especially when fraudsters misuse registered headers.

How to Spot a Smishing Message Quickly

Be cautious if an SMS:

• Creates urgency or fear such as “immediate action required”

• Asks for OTP, PIN, CVV, Aadhaar, or bank details

• Contains shortened or strange links like bit.ly links

• Contains spelling errors or extra characters in links

• Comes from an odd or unknown sender ID

Remember: No bank or government agency asks for confidential details over SMS.

Stay Alert. Stay Safe.

Smishing thrives on haste and panic. A few seconds of checking the sender ID, prefix, and message tone can save you from financial loss.

Pause. Verify. Don’t click in a hurry.
A smart reader is a safe digital citizen.