How to spot and avoid SMS scams
Posted on 31 July 2013.
2013 has been touted by Gartner as the year when mobile phones will overtake PCs as the most common Web access device worldwide.

When you think about it, it's logical, because not all people can afford a computer, but most can a old-school mobile phone or a smartphone.

This shift has not passed unnoticed by scammers, some of which have specialized in targeting mobile device users and are constantly coming up with new ways to trick them.

The danger of picking up mobile malware and spyware posing as a legitimate application on official and unofficial app markets is, of course, always there, but so is that of scams that arrive via SMS.

Mimicking the bogus emails supposedly coming from your bank, an online service or social network you use, or even a contact of yours, phishing text messages more often than not try to create a sense of urgency to make you panic and follow the offered link / call the offered phone number without thinking twice about it.

These phishing messages often say that your banking account or card / service account / social network account has been suspended or compromised, and urges you to contact the bank / organization via a given number or to log into your accounts to "verify" them via a given link. Needless to say, the person waiting for your phone call is a scammer, and the page where you enter your login credentials is set to send them to the person behind the scam.

Apart from being vigilant and extra careful when receiving messages like these, there is not much else you can do. "A big part in combating this problem can be addressed by the phone carriers themselves and their ability to block such fake messages," explains Malwarebytes researcher Jerome Segura. "The bad guys often use free web based services to send SMS text messages in which case it should be easier to flag them as suspicious."

Bogus messages that make you inadvertently subscribe to a premium rate service or send a premium rate SMS are also a big problem. More often then not, you will believe that you're doing something like confirming your age or that you are not a bot by following the instructions, but will actually effect some of the things mentioned above. SMS messages that will cost you $10 to send are not unheard of, and the scammers will not alert you to their true nature or the cost.



"As a rule of thumb, you should only ever text people you know to avoid nasty surprises," Segura advises, and I'm inclined to agree with him.

Finally, another (hopefully?) not too spread way of getting you into trouble via SMS falls more in the category of prank than scam, and is carried out by sending you a message with illegal content such as child pornography (perhaps accompanied with the text "Here is the photo you asked me to send") and then reporting you to the police for possession of it.

While such a "prank" can also turn into a blackmail attempt, the solution seems easy: delete the message from your phone. On the other hand, the malicious person can report you to the police for another trumped up crime, and send the message while you and your phone are in police custody. (What can I say? I'm paranoid.)

If, by any chance, you are targeted by such a person, the best thing to do might be to change your phone number, not register it and give it out only to few of your most trusted people with the instruction not to share it with anyone else or put the information on the Internet - an hope that something like this doesn't happen again.

All in all, despite the carriers' best attempts to block scammy SMS messages, the best thing you can do to prevent falling for any of these scams is to look with a critical eye upon any message you receive. If the message is unsolicited, and the sender unknown, think twice about doing what it says.









Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //