SMS Scams: How To Defend Yourself


Who doesn’t own a mobile phone nowadays? Whether you have an old-school flip phone or a newer smartphone, you may already have been bothered by rogue SMS text messages.

Cyber-crooks are spamming through every avenue they can, hoping to lure their victims into revealing personal information or tricking them into sending costly text messages.

And it’s not just cyber-criminals you should be worried about. Have you ever received a message from someone you don’t know? Well, these could be attempts to blackmail you or ruin your day.

The above screenshot shows a technique known as smishing (SMS phishing) that is rather effective because it reaches your own personal phone. While (almost) everybody knows about email phishing scams, not many people are aware of the equivalent for phones.

In one particular case, the senders will pretend to be from your financial institution and insist that you either call a number or follow a link to an external website to unlock your bank account. Note the tone of the message and the use of the word “urgent.”

Sadly, a certain number of people will panic and respond right away. We all know how it ends: with your bank account depleted or hefty charges on your credit card.

Detecting these threats is made more difficult by the fact that almost all banks and credit unions offer mobile apps for banking directly on your phone. So, if you get one of these messages, you are more likely to believe it is genuine.

A big part of combating this problem falls to the phone carriers themselves and their ability to block such fake messages.

The bad guys often use free web-based services to send SMS text messages, in which case it should be easier to flag them as suspicious.

As always, your own judgment will save the day: whenever you are asked for your credentials, do some research, call a friend, have a cup of tea, and then decide what to do.
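
The warning signs described above (a message claiming to come from a financial institution, an urgent tone, a demand to call a number or follow a link, and a sender using a web-based service) can be checked mechanically. The following is an added example, not code from the original article; the word lists, the bank.example domain and the sample messages are constructed assumptions.

```python
import re

# Assumption: domains the recipient's bank really uses (hypothetical placeholder).
KNOWN_BANK_DOMAINS = {"bank.example"}
# Assumption: illustrative word lists; the article itself only names "urgent" and "unlock".
URGENCY = re.compile(r"\b(urgent|immediately|suspended|locked|unlock|verify)\b", re.I)
BANK_WORDS = re.compile(r"\b(bank|credit union|account|card)\b", re.I)
URL = re.compile(r"https?://([^/\s:]+)", re.I)
PHONE = re.compile(r"(?<!\d)(?:\+?\d[\s().-]?){10,14}(?!\d)")


def smishing_indicators(sender: str, body: str) -> list[str]:
    """Return the indicators from the article that this message exhibits."""
    hits = []
    if URGENCY.search(body):
        hits.append("urgent-tone")
    if BANK_WORDS.search(body):
        hits.append("claims-financial-institution")
    for host in URL.findall(body):
        host = host.lower().rstrip(".")
        # A link is trusted only if its host is a known bank domain or a subdomain of one.
        if not any(host == d or host.endswith("." + d) for d in KNOWN_BANK_DOMAINS):
            hits.append("link-to-unknown-site:" + host)
    if PHONE.search(URL.sub("", body)):
        hits.append("asks-to-call-number")
    if "@" in sender:
        # Sent through an email/web-to-SMS gateway rather than from a phone number.
        hits.append("web-or-email-gateway-sender")
    return hits


def is_suspicious(sender: str, body: str) -> bool:
    """Flag a bank-themed message that also pushes a call-back, a link, or a gateway sender."""
    hits = smishing_indicators(sender, body)
    pressure = any(h.startswith(("link-", "asks-", "web-")) for h in hits)
    return "claims-financial-institution" in hits and pressure


# Constructed sample messages (not real traffic).
SAMPLES = [
    ("alerts@sms-gateway.example", "URGENT: your bank account is locked. Call 555-010-0199 now."),
    ("+15550100123", "Your card was suspended. Unlock at http://bank.example.verify-login.example/x"),
    ("+15550100456", "Running late, see you at 7?"),
    ("+15550100789", "Your statement is ready: https://online.bank.example/statements"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(is_suspicious(sender, body), smishing_indicators(sender, body))
```

The second sample shows why the link check compares the end of the host name: the bank's name at the start of a link does not mean the link goes to the bank.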

Premium SMS rates

Based on your phone plan, text messages are usually free or really cheap to send. But there exists a different kind, one that you will want to stay away from, called premium text messages.

Premium-rate SMS text messages remind me of the old Minitel, a French communication device from the 80’s, pre-World Wide Web. Premium-rate adult services were very popular then and many people received jaw-dropping phone bills.

Fast forward 30 years and you see similar tricks to access a website or activate a piece of software:

What they don’t advertise clearly is that the cost of a single message can be something like $10. Repeat the screen a few times and that’s enough to rack up a huge bill.

As a rule of thumb, you should only ever text people you know to avoid nasty surprises.

Pranks and the law

In most countries, possession of child pornography is a serious crime that can send you to jail.

Did you know that someone could text you prohibited content directly on your phone and then call the police to your house to report you?


It seems a bit far-fetched, but I would not want to be the one doing some explaining while the police officer checks my phone.

Unfortunately, there is not a whole lot you can do about this. While the logical thing to do seems to be reporting it, you may just place yourself in the spotlight and become the subject of an investigation.

Certainly, if you believe you are being targeted you could ask your phone company to get you a new number and not distribute it to anyone but close family and friends.

Final thoughts

Cell phone companies have come a long way in protecting users from the kind of fraud described here. My phone provider had disabled roaming and email-to-SMS features to prevent me from accidentally incurring charges.

One thing I would recommend as well is to use a prepaid (no-contract) phone if you can. If you only load $30 worth in your phone every month, that is the maximum anyone is going to get out of you through premium-rate SMS text messages, as opposed to having an ‘open’ contract agreement where hundreds of dollars could be charged.

Despite phishing filtering systems and spam detection, you remain the weakest link attackers will try to exploit. Criminals can be creative and come up with clever tricks to ‘social-engineer’ you. Having a critical mind and staying up to date with the latest scams will hopefully keep you safe!

ABOUT THE AUTHOR

Jérôme Segura

Principal Threat Researcher