Mobile Security - Mobile Spam



Take a look at the following screenshot. You might have received a similar SMS which seemed to be genuine. In fact, after a bit of analysis, we realize it is not genuine. It is an example of SMS phishing.

SMS Phishing

The links in the SMS may install malware on the user’s device or direct them to a malicious website, or direct them to call a number set up to trick them into divulging personal and financial information, such as passwords, account IDs or credit card details. This technique is used a lot in cybercrimes, as it is far easier to trick someone into clicking a malicious link in the e-mail than trying to break through a mobile’s defenses. However, some phishing SMS are poorly written and clearly appear to be fake.

Why SMS Phishing is Effective?

SMS Phishing is successful because it plays with the fear and anxiety of the users. Irrational SMS instills fear in the mind of the users. Most of the scenarios have to do with the fear of losing money, like someone has purchased something using your credit cards.

Other instances include, the fear when an SMS accuses you of doing something illegal that you haven’t done. Or an SMS regarding the possibility of harming your family members. of your family, etc.

SMS Phishing Attack Examples

Now let us see a few examples to understand the cases where SMS Phishing mostly happens.

Example 1

Generally, scammers use email to SMS to spoof their real identity. If you google it, you may find many legitimate resources. You just google search: email to SMS providers.

Scammer

Example 2

The other classical scam is financial fraud which will ask you for PIN, username, password, credit card details, etc.

Classical Scam

Example 3

Spelling and bad grammar. Cyber criminals generally make grammar and spelling mistakes because often they use a dictionary to translate in a specific language. If you notice mistakes in an SMS, it might be a scam.

Scam

Example 4

SMS phishing attempt to create a false sense of urgency.

False Sense

Example 5

Cybercriminals often use threats that your security has been compromised. The above example proves it well. In the following case, the subject says you have won a gift.

Cybercriminals

Example 6

In this case, an SMS asks you to reply so that they can verify that your number is valid. This can increase the number of SMS spams in your number.

SMS Spams

Example 7

Spoofing popular websites or companies. Scam artists use the name of big organizations that appear to be connected to legitimate websites but actually it takes you to phony scam sites or legitimate-looking pop-up windows.

Spoofing

Prevention and Solutions

In order to protect ourselves from SMS phishing some rules have to be kept in mind.

  • Financial companies never ask for personal or financial information, like username, password, PIN, or credit or debit card numbers via text message.

  • Smishing scams attempt to create a false sense of urgency by requesting an immediate response. Keep calm and analyze the SMS.

  • Don’t open links in unsolicited text messages.

  • Don’t call a telephone number listed in an unsolicited text message. You should contact any bank, government, agency, or company identified in the text message using the information listed in your records or in official webpages.

  • Don’t respond to smishing messages, even to ask the sender to stop contacting you.

  • Use caution when providing your mobile number or other information in response to pop-up advertisements and “free trial” offers.

  • Verify the identity of the sender and take the time to ask yourself why the sender is asking for your information.

  • Be cautious of text messages from unknown senders, as well as unusual text messages from senders you do know, and keep your security software and applications up to date.

Pairing Mobile Devices on Open Bluetooth and Wi-Fi Connections

Bluetooth is a similar radio-wave technology, but it is mainly designed to communicate over short distances, less than about 10m or 30ft. Typically, you might use it to download photos from a digital camera to a PC, to hook up a wireless mouse to a laptop, to link a hands-free headset to your cellphone so you can talk and drive safely at the same time, and so on.

To obtain this connection, devices exchange each other’s PIN, but in general as a technology it is not secure. It is a good practice to repair the devices after a period of time.

What a hacker can do with a paired device?

  • Play sounds of incoming call
  • Activate alarms
  • Make calls
  • Press keys
  • Read contacts
  • Read SMS
  • Turn off the phone or the network
  • Change the date and time
  • Change the network operator
  • Delete applications

Security measures for Bluetooth devices

  • Enable Bluetooth functionality only when necessary.
  • Enable Bluetooth discovery only when necessary.
  • Keep paired devices close together and monitor what's happening on the devices.
  • Pair devices using a secure passkey.
  • Never enter passkeys or PINs when unexpectedly prompted to do so.
  • Regularly update and patch Bluetooth-enabled devices.
  • Remove paired devices immediately after use.
Advertisements