Statistics portal Statista reports that mobile phone use in Australia will grow to 19.4 million handsets in 2017. But there are no commercially available SMS inbound filtering products as there are for email. Cyber criminals are using stolen mobile phones and their SIMs to send the messages for free.
Proofpoint has discovered a raft of cyber scams sending socially engineered SMS messages to trick users. The gap in defences is widened because smaller mobile screens make it difficult to determine whether URLs and websites are fake or legitimate.
Proofpoint says SMS phishing has evolved from a single SMS bearing a dodgy URL to load malware, to a sophisticated two- or three-stage system to collect the victim’s phone number, zip code, email address, email password, credit card information and (in the US) their social security number.
The scam goes like this (US Bank example used):
The first SMS offers a simple one-click fix. It also proves your phone number is active and is good for more SMS phishing.
The second SMS says: whoops, that did not work, go to the website. This just strengthens your resolve.
The website looks OK and they are not asking for your password etc., just to verify who you are. They get your phone number and zip/postcode.
Now they have your email address (works for Gmail, Yahoo! and more)