Watch out for smishing! SMS fraud causing headaches for telecom companies
The rise of SMS fraud, also known as “smishing”, is becoming more prevalent in numerous countries due to the growing popularity of smartphones. Telecom operators are facing this challenge as they convene at the Mobile World Congress (MWC) in Barcelona, the industry’s largest annual event.
What is cheating?
Smishing is a cyber security attack carried out via mobile text messages, also known as SMS phishing, which targets both individuals and businesses.
The name is a play on the term “phishing”, the fraudulent practice of sending emails to supposedly reputable companies in order to trick individuals into revealing personal information such as passwords and credit card numbers.
“In a stunning attack, cybercriminals send fraudulent text messages to trick victims into sharing personal or financial information, clicking on malicious links or downloading malicious software or apps,” Stuart Jones of US cybersecurity firm Proofpoint told AFP.
What is the scope of the phenomenon?
It has grown rapidly in recent years, especially during the Covid-19 pandemic due to the explosion in the use of smartphones for administrative procedures and online shopping.
According to a study conducted in ten countries by the telecommunications industry trade association Mobile Ecosystem Forum (MEF), 39 percent of consumers fell for at least one text message scam last year.
“It’s a very serious problem worldwide,” said Janet Lin, director of development at Taiwanese cybersecurity firm PINTrust, during a panel discussion on the topic at MWC on Monday, the first day of the convention.
According to cybersecurity firm Proofpoint, there are an average of 300,000 to 400,000 SMS attacks per day, and this number is expected to rise.
According to the Federal Trade Commission (FTC), in the United States alone, “shaming” will cost consumers $330 million in 2022, more than double the previous year’s losses and nearly five times more than in 2019.
Why is it so worrying?
The scam is considered more dangerous than email scams because it is harder to identify the perpetrators and because victims think that only known people or organizations can use their number.
“Many people still have a high level of confidence in the security of mobile communications,” said Jones.
“URLs sent in mobile messages have up to eight times higher click-through rates than email,” he added.
Authorities also point to the sophistication of text message attacks, with scammers using companies that specialize in selling personal information or equipment reserved for the military or police.
The scammers are known to use so-called IMSI interceptors, also known as “stingrays”, which mimic cell phone towers to intercept communications from smartphones within 500 meters.
How can it be fought?
Many countries have set up reporting platforms where people can forward suspicious text messages, leaving the authorities to block the numbers.
Image-conscious phone carriers have also set up teams that can filter out some fraudulent text messages using reporting tools on operating systems like Android and iOS, as well as messaging systems like WhatsApp.
However, this task often turns into a cat-and-mouse game where the scammers keep changing their numbers. Fraudsters also take advantage of laws around the world to get away with their attacks.
“While regulators in Europe, the US and China have tightened rules, other regions such as Africa and Latin America have a limited regulatory framework,” the ITW Global Leaders’ Forum, a network of telecommunications leaders, wrote. in the report.
Experts say one of the keys to fighting vandalism is prevention.
“Consumers need to be very skeptical of mobile communications that come from unknown sources. And it’s important to never click on links in text messages, no matter how realistic they look,” Jones said.