New Scam Highlights Growing Threat of Cell Phone Phishing

“Curiosity killed the cat,” goes the old warning about being too inquisitive. An unusual new mobile phone phishing scam is apparently counting on victims to be a little too curious for their own good.

Smishing

According to numerous reports, many Verizon Wireless customers report that they have begun receiving suspicious text messages — coming from their own phone number! In most versions, the text message is thanking the user for paying their phone bill on time, and provides a link with the promise of “a little gift for you.”

While it would seem almost comically obvious that these are scams, the sheer strangeness of getting a text from yourself is enough to entice some users to investigate further and click on the link. That, of course, is a mistake.

In most cases, clicking the link takes you to a site requesting credit card information. Some customers have reported being sent to a Russian state media network. The Federal Trade Commission’s Consumer Advice division warns that links may install malware on your device or expose you to other scams. As with all suspicious messages, the best thing to do is just delete them.

 

Smishing (SMS Text Phishing) and Spoofing

It’s just the latest in a long line of mobile phone scams. SMS text phishing — or “smishing” — attacks against mobile phone users have been on the rise for the better part of the last two decades, defrauding U.S. consumers of tens of millions of dollars each year according to the FTC.

Proofpoint reports that smishing attacks increased by almost 700 percent in 2021, with nearly two-thirds of those disguised as package delivery notifications. Such threats are most likely meant to capitalize on consumers’ increased use of online shopping while working from home during the pandemic.

One of the chief ways scammers make malicious text messages seem nonthreatening is “neighbor spoofing.” This is a form of impersonation fraud in which scammers falsify caller ID information to match the area code and prefix of their victims, making it appear that texts or calls are coming from a local business or even a friend or family member.

Spoofing requires no technical proficiency because there are numerous Internet-based spoofing services. Customers simply create a user account, log in and supply the number they are calling as well as the number they’d like displayed on the recipient’s phone. The service provider then places the call and displays the entered information as the caller ID.

This is all perfectly legal under the Truth in Caller ID Act of 2009, as long as the caller does not intend to defraud or cause harm. One often-cited example of legitimate spoofing is when a doctor uses a cell phone to call patients but displays the office number on the patients’ caller IDs. Of course, scammers with malicious intent have no qualms about skirting the rules.

 

Protect Yourself from Smishing

The Federal Communications Commission offers these suggestions to avoid becoming a victim of a smishing scam:

SMS text phishing — or “smishing” — attacks against mobile phone users have been on the rise for the better part of the last two decades.

  • Never click links, reply to text messages or call numbers you don’t recognize.
  • Do not respond, even if the message requests that you “text STOP” to end messages.
  • Delete all suspicious texts.
  • Make sure your phone operating system and security apps are updated.

At the corporate level, organizations should consider implementing the STIR/SHAKEN framework to authenticate the identities of callers. The STIR (Secure Telephony Identity Revisited) and SHAKEN (Signature-Based Handling of Asserted Information Using toKENs) protocols authenticate caller ID information against an encrypted digital fingerprint that belongs only to the legitimate owner of a number.

 


 

Benefits of Managed IT Services from Global Data Systems

  • Strategic Managed IT: We help you solve your technology related business problems.
  • Connectivity: We get you reliable, secure connectivity anywhere in the western hemisphere in 48 hours.
  • Support: When you need help simply call our 24x7x365 support number.
  • Billing: Instead of managing hundreds of vendors - get one, easy to read bill from GDS.

Contact Managed Services Provider, Global Data Systems >