AdaptiveMobile has been monitoring the spam campaign for the last 18 months

May 9, 2013 21:31 GMT  ·  By

Mobile security solutions provider AdaptiveMobile warns users from Western Europe that cybercriminals might be trying to trick them into handing over sensitive information with the aid of cleverly designed SMS phishing (SMSishing) messages.

The messages were first spotted 18 months ago, but their numbers have steadily increased ever since.

“Scammers are incredibly persistent and will continue to look for alternative methods for distributing SMS spam without getting caught,” noted Ciaran Bradley, VP of handset security at AdaptiveMobile.

“This threat is particularly worrying for operators looking to retain customer loyalty and trust not only because users had fraudulent activity on their account but also, by imitating them, spammers associated them with the scam. On top of this it cost them significant amounts of money in international termination charges and having their fraud teams investigate the issue.”

So how do these scams work?

The fraudsters send out SMS messages that purport to come from the potential victim’s mobile operator.

“Upgrade your [company name] account to make unlimited free calls to any network click on this link [URL] or copy and paste into your browser,” the malicious notifications read.

Those who click on the links are taken to a phishing site that’s designed to trick users into handing over the information needed to access their accounts on the operator’s online portal.

With this information, the crooks can send out thousands of spam SMSs all over the world. Victims can end up with bills of thousands of Euros because of the large number of text messages sent by the spammers.

The spam SMSs sent out from hacked accounts advertise all sorts of lottery scams. Individuals who really believe they’ve won are told to pay a certain amount of money that’s allegedly needed to claim the prize.

“While many operators have measures in place to combat SMS spam it is important that they are aware of how spammers are diversifying, particularly with compound threats like this one that combine a number of stages and multiple bearers, so they can protect their customers and themselves,” concludes Bradley.