Beware – SMS SPAM lurking around

Beware – SMS SPAM lurking around
Most of us receive several unsolicited SMS each day enticing us into several offers ranging from pizza food chains to expensive gadgets and travel holidays. These are junk messages referred to as SMS spam. A portion of these messages are purely intended for advertising, while the other ones are floated around with a malicious intent. These text messages pose a greater threat to end users as compared to virus laden emails. Also most of the time users do not anticipate dangers of SMS spam and take it lightly as the messages arrive in their devices.  Fraudsters take advantage of this fact and gets away with user data. With the advent of social media messenger apps like WhatsApp, Viber etc. threat landscape has all the more amplified. The modus operand of the campaign is luring the users to click a malicious link; malware is planted on the device leading to leakage of sensitive information like passwords from the user’s device.
And as devices are not having the requisite security controls in place, users get duped with the attack.  One of the reasons of their success is also attributed to the nature of SMS as it tends to appear in smaller screen and also quicker opening of SMS as compared to an email.


Few typical SMS examples are as follows

1. Free iPhone 7 as a promotional offer link-​ This will be spam link and on click will download a virus on the device.
2. Subscription type costing user money- Enticing users to subscribe to get instant cash.
3. SMSishing Type of message- This can trick a user into revealing information like name and mail address for getting entry into a sweepstake type of event.
 
In one of the recent incidents in Aug 2016, vulnerability in Apple iPhone devices was exploited by sending simple text message with a specially-modified image file. This allowed hackers to gain access to user’s iPhone leading to leakage of sensitive information like passwords etc.
Similar well known attack called Stagefright also had a similar attack vector which led to a hack of 950 million android phones.
As we can see from the above two incidents that even a single SMS is enough to create havoc.
 

Precautions

Simple but important guidance which will help us mitigate the threats, as user is normally always the weakest link in the security chain.
  •  One should not click any link in a message especially from unknown numbers.
  •  Some messages urge you to call on a particular number. Never fall in this trap.
  •  Never reply to a text message asking for personal information
  •  Be alerted to SMSes originating from suspicious looking patterns like ‘MT-LTFair’, ‘5DG25’ etc.
  •  Nowadays, it is worth the investment in a dedicated antivirus solution which will block these unwanted messages and will blacklist them.
 
Rate this article: 
0
No votes yet
Article category: 
Keywords: