Cyber criminals move from email to SMS

Don’t call phone numbers embedded in a bank’s text

Research from Cloudmark reveals that cyber criminals are moving from email onto SMS and using increasingly sophisticated methods to swindle US handset owners. The company is presently tracking over 20 unique, financial-related SMS attacks in the USA with thousands of variants on each attack. Such trends are now expected to make an appearance in the European and UK security spaces. Consequently, mobile users worldwide need to be aware of the telltale signs of SMS frauds and know how to protect themselves.

Curiously, Cloudmark doesn’t mention any anti-phishing apps available for iOS or Android which would prove effective. [We found some]. Instead it focuses on solutions which prevent mobile network operators delivering the fraudulent SMS messages in the first place.

Cloudmark’s CEO, Hugh McCartney, claimed that, “There is a substantial difference in the profile of attacks on mobile versus email. With the global email we analyse, most of the attacks are spam, but financial fraud remains a very small percentage of email – not more than 10 per cent overall.

Conversely, our mobile data research reveals that more than half of SMS spam is composed of targeted attacks focused on extracting financial account information or enticing the subscriber to call premium rate numbers.”

The classic form of phishing (stealing personal data) via an SMS is one which purports to come from your own bank.

It would read something like, “Your debit account has been compromised please call this number immediately.” Cloudmark’s advice, however, is don’t.

That’s because the number embedded in the SMS is itself fraudulent. It will take the caller to the phisher’s own call centres, where the caller will be tricked into revealing his or her own personal bank details.

It’s bad enough if you give away your name, bank card number, account number, expiration date, and address, but if you give your security/PIN code away as well, you’ve had it.

Cloudmark claims that fraudsters have been able to create a working duplicate of your credit/debit card using such information.

In Europe, banks and financial institutions do genuinely use SMS to alert customers to potential fraud. The trick is never to call the number embedded in the text message.

Store your own bank’s phone number in your address book instead. And call that.

In the USA, Cloudmark has been encouraging mobile network operators to enable potential victims to report suspected fraudulent or spam messages by texting 7726 (which spells SPAM) from their mobile device.

Phishlock

It doesn’t work in the UK yet – GoMo News just tried it. We did, however, discover five anti-phishing apps for Android.

One of them is Phishlock from Sentrybay which is free. Two of the others – including one from Norton – appeared to be in German.

For the iPhone, a number of anti-phishing apps are available – one of which is No Phishing. We found no anti-phishing app for W7 Mango phones in the Windows Phone Marketplace.

About Tony Dennis

Tony is currently Editor of GoMobile News. He has taken over this role from Bena Roberts.