Power Report: Feeding frenzy as SMS sharks attack napping consumers

04 September 2016 - 02:00 By Megan Power
subscribe Just R20 for the first month. Support independent journalism by subscribing to our digital news package.
Subscribe now

Seldom does a day go by without someone e-mailing me in an attempt to scam me.

Vigilance and knowing your rights are the best protection against unscrupulous con men trying to fleece consumers of their hardearned cash.
Vigilance and knowing your rights are the best protection against unscrupulous con men trying to fleece consumers of their hardearned cash.

This week I was offered a loan, a bank rewards payout (I'm not a client), and thousands of rands in store vouchers in return for completing a customer survey.

Many of these rogues are smart, and when they're abusing the name of a genuine supplier they use e-mails and website addresses that look real - including legitimate logos, registration numbers, addresses, and even the mandatory fraud warning.

Fake SMSes are sometimes equally difficult to recognise. With so much legitimate commerce done through messaging these days, it's hard to spot a trap.

Especially in the dead of night, when you've just been woken and are unlikely to immediately recall that under the Consumer Protection Act companies are not allowed to market to consumers between 8pm and 8am, on Saturdays before 9am and after 1pm or on Sundays or public holidays.

When Cape Town reader Ahziza Isaacs received two SMSes in two days last week - both before dawn - offering her a loan, she took umbrage.

The clinical training specialist at a hospital in the city fired off an e-mail to "Blue Finance Loans" in which she described herself as a hard worker and complained she had lost two hours of rest because of the SMSes.

"So please in future do not send any SMS at the ungodly hour because I will take this further and report it. Awaiting an apology. Thanks," Isaacs wrote.

The response shocked her: "So who fault is f**k you my man dont be a physco .whats wrong with u .hard working mxm."

After a second e-mail by Isaacs elicited similar abuse, she asked me to investigate and I set about to confirm my suspicion that con men were using the name of registered credit provider Blue Financial Services, which used to offer consumer loans.

The numbers used with the SMSes were "unavailable". The domain name linked to the .com e-mail address came back blank. And when I e-mailed, I received an unintelligible reply ending with "nhaa so no comment".

The messages had not been sent by any member of the Wireless Application Service Providers' Associationor the Internet Service Providers' Association, so there was no way of identifying the perpetrator through that route. The SMS was sent from a prepaid MTN number.

"In cases like these, we recommend that the recipient contact their network operator to report the unsolicited messages and provide the cell number sending the messages to ascertain if that cell number is being used inappropriately," said James McNab, a member of Waspa's management committee.

Brands appear to be enthusiastic about sending direct marketing by SMS to customers but less enthused about sending their customers SMS-based warnings about fraud

MTN said mobile operators were not permitted to scrutinise the contents of customers' SMSs so were not able to tell if they'd been sent "for nefarious purposes".

It said if Isaacs felt harassed, she had the option of approaching her local magistrate's court for an order to direct the network operator to release the identity of the sender and request a police investigation. Alternatively, it said Isaacs could block the numbers from her handset.

Another hoax campaign doing the rounds - myself and several colleagues were targeted again this week - is a so-called customer survey being conducted by Woolworths, which circulates largely via WhatsApp, Twitter and Facebook.

There are several versions of the "survey", the latest being a request to complete it, share the link with 10 people and provide personal details, in return for a R6,500 store voucher.

Another version, as shown on the retailer's website, includes a competition to win a voucher with a R7 a day subscription in tiny print under the box where the cell number is entered.

Again, neither Waspa nor the ISPA can help identify the perpetrator as the sender is not a member of either body.

"This is a scam and should be disregarded, " said Woolworths spokeswoman Kirsten Hewett this week.

In June Woolworths placed a warning on its website (albeit hidden behind a "news/press" link at the bottom of its homepage so consumers could be forgiven for missing it) referring to the "hoax customer satisfaction surveys and voucher competitions" as not being authorised.

The warning says the retailer would never request details via e-mail or SMS and such scams should be deleted.

It also offers customers advice on how to unsubscribe from any mobile service they may have been subscribed to.

Hewett said: "From a social media perspective, we track scam complaints and escalate them immediately to our social customer care team which responds to every social mention we can find with an explanation and the link to the caution on our website."

But I had tweeted consumer warnings regarding the survey scam twice in the past few months, and Woolworths had done nothing but "like" my tweet. Why was the retailer not using its marketing channels to proactively warn customers of the scam, I asked.

A few days later, Woolworths sent out SMS, Twitter and other social media warnings. It also retweeted mine. Better late than never, I suppose.

Electronic communications legal expert Dominic Cull said: "Practically, your best option in many cases is simply to delete the offending SMS or e-mail without taking any further action."

Consumers were generally unable to distinguish between scams and the large number of genuine promotions targeting them through social media and other channels, he said.

"Most of these genuine promotions require a participant to provide some personal information - a mobile or ID number - so it is tricky to know when this can be safely done. Certainly, however, you should not be submitting this information through e-mail."

Cull said retail brands that regularly engaged in online promotions should take greater care of their customers, particularly when they knew of a specific scam targeting their customers.

"The brand should actively engage with its customers to warn them. A notice on a website is not sufficient and brands should use the channels through which customers are being exposed to the scam," said Cull.

"Brands appear to be enthusiastic about sending direct marketing by SMS to customers but less enthused about sending their customers SMS-based warnings about fraud."

Cull said that if scams of this nature were allowed to proliferate, there would be no space left for legitimate promotions.

That's enough to scare the pants off any business.


How to do battle with those scammers and spammers

Check if the SMS came from a wireless application service provider that is a member of the Wireless Application Service Providers' Association. If there is no identifying information, you can use www.smscode.co.za, which works for short codes (five digits, for example 54321), long codes (for example 2782 xxx xxxx) and USSD codes (for example *120*xxxxx#) to try to establish who sent the SMS.

If the sender is revealed as a member of Waspa (www.waspa.org.za), you can lodge a complaint using the following forms:

SMS scams and spam: https://waspa.org.za/report-spam/

Unauthorised billing: https://waspa.org.za/report-unwanted-billing/

Breaches of the Waspa code of conduct: https://waspa.org.za/lodge-a-complaint/

If you are uncertain how to proceed, use the general enquiries form: https://waspa.org.za/contact/

Waspa cannot act against nonmembers and does not have police powers. If you believe an SMS is fraudulent or otherwise criminal, you will need to consider lodging a charge with the police and let them investigate.

If the sender is not a member of Waspa, you will need to approach the police and request that they obtain information about the sender from the mobile network on which the SMS originated.

The mobile network - when providing a sim card to the sender - should have obtained and stored their ID information and proof of residence, and they are obliged to provide this information to the police.

But given the growing number of scams targeting South Africans through their cellphones or e-mail inboxes, consumers should use common sense.

If in doubt, phone the customer care line of the brand which is featured as driving the promotion and verify if the promotion is genuine.

If you find - after participating - that it is a scam:

If it is SMS-based, follow the steps above in respect of checking whether it originates from a Waspa member and lodging a complaint with the association;

If it is on Facebook or another social media platform, it is possible to report this to Facebook or the other platform and request that they remove the fraudulent material;

Lay a charge with the police, providing all the information you have. The progress of a criminal complaint will largely be a function of how energetically the complainant pursues the matter; and

Another possibility in fighting this kind of scam is to check whether the webpage is hosted by a member of the Internet Service Providers' Association. This will only be the case if the webpage has a .co.za address.

If you want to find out who the owner and registered host of a South African website is you can use http://co.za/whois.shtml to find out.

If it is an ISPA member hosting the site, then you can use a take-down notice to have the webpage removed.

This is a quick and inexpensive way to eliminate the offending material and stop further harm to consumers.

For further information, visit http://ispa.org.za

- Source: Dominic Cull, electronic communications legal expert


Contact Megan Power

E-mail: consumer@sundaytimes.co.za

Follow Megan on Twitter: @Power_Report

Please note: Other than in exceptional circumstances, readers sending me complaints must be willing to be identified and photographed.

Tune in to Power98.7's "Power Breakfast" (DStv audio channel 889) at 8.50am tomorrow to hear more from Megan

subscribe Just R20 for the first month. Support independent journalism by subscribing to our digital news package.
Subscribe now