Fraud attack methods never grow old. As long as victims continue to fall for a scam, criminals will continue to use it. SMS phishing is no exception as evidenced by a recent spate of attacks in Asia that has led to millions in monetary losses.
SMS fraud or phishing, also commonly referred to as smishing, is a social engineering attack targeting victims on their smartphones. A smishing attack uses text messages that appear to come from a legitimate organization. The messages often have links that drive unsuspecting victims to a phishing site where they are asked to divulge personal information, download malware onto their mobile device, or provide a one-time passcode that will allow a criminal to bypass multi-factor authentication (MFA).
SMS fraud has increased significantly across the globe, and complaints about SMS spam increased by over 140% last year. SMS fraud remains a big concern because users spend so much time on their mobile devices – an average of five hours per day in 2021. In addition, users are much more likely to open a text message. According to MobileMarketer.com, SMS recipients open 98% of their text messages while email recipients only open about 20% of their messages.
The ability to launch attacks has also gotten easier for criminals. There are SMS bots that can be used to intercept the one-time passcode (OTP) most banks use for step-up authentication. There are bots that can reach thousands of potential victims at a time with messages that appear to come from a victim’s bank or other trusted brand. Netflix, the most popular streaming service in the world, was recently exploited to serve as the face of a massive SMS fraud campaign that attempted to divert users to a phishing site.
Here is a look at some of the dangerous types of SMS fraud:
SMS Originator Spoofing
SMS originator spoofing happens when someone takes on a new identity and tricks a phone user into thinking that a text message is legitimate. These texts look like they are from a trusted friend or family member, but they are not.
These are just seven types of SMS fraud that trick mobile users. The consequences can be destructive -- victims can lose money, jeopardize their business reputation, and expose personal and financial information to hackers.
SMS Roaming Concept
Fraudsters can now infiltrate someone's text messages if he or she connects to a network in a foreign country -- a process called "roaming." When the phone does not connect to the intended operator in the visited location, organized criminals can steal personal data.
Spam
Spam messages, for example, might ask the recipient to reply with his or her name, address, or, worse, bank details, in order to receive a prize. People fall for this scam all the time. In other instances, spam texts contain a web link that redirects the recipient to a page where he or she enters personal information in exchange for a service.
Grey Routes
Cequens recently wrote about how grey routes allow marketers to send bulk text messages at a fraction of the cost, usually via P2P channels. The problem with this delivery method, however, is that it can be insecure and expose personal information to the wrong people. This is because messages move through private networks that lack security. As a result, fraud can occur.
SIM Farms
Like grey routes, SIM farms allow businesses to send low-cost marketing messages to customers. However, they utilize unsecured delivery methods and could expose personal information to fraudsters.
SIM farms are the second-costliest type of SMS fraud after spam, according to research.
SIM Swap Fraud
SIM swap fraud is more complicated and less common than phishing, but it can have the same devastating ramifications. This type of scam exploits two-factor authentication -- where a user of a particular online service needs to confirm his or her identity via text. Hackers will port the user's phone number to another SIM and intercept any passwords and personal information sent via SMS.
Tips for SMS Fraud Detection:
Do your research to double-check the details. If you get an unexpected SMS text from a delivery company or bank, look up the bank, agency, or organization and get in touch directly, without using any contact information in the SMS text.
Claim a prize: No legitimate lottery, sweepstakes, or business will ask you to pay to claim a prize or ask for your bank details to deposit your “cash prize”.
Beware of urgent texts: “Attention. Fraudulent activity has been detected on your account. Act Now.” Scammers often create a sense of urgency to bypass your better instincts. Take your time and ask questions to avoid being rushed into a bad situation.
Refund owed to you by a retailer: Be wary of notifications involving money owed, such as “Our records show that you overpaid for (a product or service). Kindly supply your bank routing and account number to receive your refund.” Again, don’t click on the link; check with the source.
Never verify passwords via text: Any text that attempts to verify your Apple ID / Amazon account / Bank account is suspicious.
Install a good fraud detection system: SecurityGen offers a state-of-the-art fraud detection technique.
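The tips above can be expressed as a simple message filter. The following is an added example, not part of the original article and not SecurityGen's product: it scores a text against one keyword rule per tip, and the patterns, weights, threshold and sample messages are assumptions constructed for illustration.

```python
import re

# One rule per tip in the list above. Patterns, weights and the threshold are
# illustrative assumptions, not taken from any vendor's or carrier's filter.
RULES = [
    ("link", 1, r"(?:https?://|www\.)\S+"),
    ("urgency", 3, r"\b(?:act now|urgent|immediately|fraudulent activity|suspended)\b"),
    ("prize", 3, r"\b(?:you(?:['’]ve| have) won|cash prize|lottery|sweepstakes)\b"),
    ("refund", 2, r"\b(?:refund|overpaid)\b"),
    ("bank_details", 3, r"\b(?:bank details|routing|account number)\b"),
    ("credential_check", 3,
     r"\b(?:verify|confirm|validate)\b.{0,40}\b(?:password|apple id|account|passcode)\b"),
]
COMPILED = [(name, weight, re.compile(pat, re.I)) for name, weight, pat in RULES]
THRESHOLD = 3  # a bare link (1) or a bare refund notice (2) is not flagged

def score_sms(text):
    """Return the matched rule names, the summed weight and a verdict."""
    hits = [(name, weight) for name, weight, pat in COMPILED if pat.search(text)]
    score = sum(weight for _, weight in hits)
    return {"reasons": [name for name, _ in hits],
            "score": score,
            "suspicious": score >= THRESHOLD}

# Constructed sample messages; the first two reuse the texts quoted in the tips.
SAMPLES = [
    "Attention. Fraudulent activity has been detected on your account. Act Now.",
    "Our records show that you overpaid for your order. Kindly supply your "
    "bank routing and account number to receive your refund.",
    "Congratulations! You have won a cash prize. Reply with your bank details.",
    "Please verify your Apple ID password at http://appleid.example/login",
    "Your parcel arrives tomorrow between 9 and 11. Track: www.example.com/track",
]

def triage(messages):
    """Score every message and keep only the ones that cross the threshold."""
    return [(m, r) for m, r in ((m, score_sms(m)) for m in messages) if r["suspicious"]]

if __name__ == "__main__":
    for message, result in triage(SAMPLES):
        print(result["score"], result["reasons"], "|", message[:50])
```

Keyword rules like these miss reworded lures and will flag some genuine alerts, so a match is a reason to contact the organization directly, as the first tip advises.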
What can you do if you receive these messages:
Report spam texts to the FCC and your carrier: Report the message as junk or spam. You can also contact your cell phone carrier to report it as spam.
Stay alert: Don’t click on any links, as they can install malware on your device, which collects your personal information.
Ignore spam text: Directly replying to a spam text message lets a spammer know that your number is genuine. What happens next? They can sell your phone number to other spammers who might bombard you with promises of free gifts and product offers.