Smishing Surge Signals Switch in ID Theft Tactics

Increasing use of smartphones sees jump in text-based smishing scam: Internet Scambusters #789

Using phone text messages to try to steal confidential information -- smishing -- is the new weapon of choice for ID thieves.

In this week's issue, we'll explain how it works and the 10 steps you can take to avoid it.

We also have news of a long-established TV show scam that's started showing up on Facebook.

Now, here we go...

---

Smishing Surge Signals Switch in ID Theft Tactics

---

Cyber criminals are stepping up their use of smishing -- SMS texting to steal personal information from victims.

The crime has been around for 10 years but, in the past, scammers mainly used emails and fake websites to steal ID details. But because texting has now become the default way many people communicate, scammers have clearly decided to follow suit.

"Everybody is at risk. Anybody with a cell phone is a potential victim," a spokesman for security software company Trend Micro said recently.

"With a phishing email, we'll see a broad attack campaign by a criminal sending out a mass of emails because email is essentially free."

With text messages, the scammers have to pay but the cost of SMS messages has fallen substantially in recent years, making it a more attractive tactic.

The crooks send texts to cell phones in particular area codes or to people who've already given their cell phone number to a website that has been hacked.

If their hack reveals other information -- for example, an interest in a particular subject or event -- they'll often use this information in a really convincing text.

Other times, they pose as well-known organizations, often the IRS or banks.

In the past, these messages used phone numbers that victims were supposed to call, thinking they were connecting to the relevant organization.

But now, the text messages ask people to either directly key in their information as a reply text or to visit a fake website that requests account and sign-on details.

A typical smishing message says "IRS Notice: Tax Return File Overdue! Click here to enter your information to prevent being prosecuted."

A further example, requesting users to directly supply information, says: "Dear customer, Bank of America needs you to verify your PIN number immediately to confirm you're the proper account holder. Some accounts have been breached. We urgently ask you to protect yourself by confirming your info here."

Crooks are also using texts to dishonestly tell people they've won a prize at a well-known retailer like Best Buy.

A cybercrime specialist at security firm ESET, told the USA Today newspaper: "Criminals like smishing because users tend to trust text messages, as opposed to email, of which many people are more suspicious, due to phishing attacks."

What You Can Do

The fact that people have wised up to phishing emails shows we now need to be equally skeptical about text messages, especially those asking for information or including links.

Here are 10 important steps you can take to avoid the risks of becoming a smishing victim:

1. Beware of any number you don't recognize.
2. Just because the sender seems to know something about you or your interests doesn't mean the message is genuine. "If they know you are interested in a concert or shopping experience, they will be able to write a much better text message to lure you in," said the ESET spokesman.
3. Don't click links in texts unless they come from someone you know. Even then, be wary since crooks can and have hacked cell phone users' numbers.
4. Don't download apps that any text message encourages you to install.
5. Never give any personal information in response to a text request. Independently find the number of the supposed sender and call them to check if the message is real.
6. Don't respond in any way to a text you're suspicious about. Often SMS messages invite recipients to reply with the word "STOP" to an unwanted text -- but, in this case, it only confirms to the sender that they reached you, and they'll send you more messages.
7. Install security software that's capable of spotting a smishing attempt.
8. Be cautious about sharing your cell phone number online, especially if it's linked to an event or subject that interests you. Only do this if you know for sure you're on a reputable site.
9. And don't enter competitions or surveys that ask for your cell phone number.
10. Check itemized charges in your phone bill for anything that looks suspicious, even if you didn't reply to a smishing message.

Expect to see more smishing scam attempts in 2018. It's a crime that is seriously on the rise, not just in the U.S. but globally.

Back to the ESET spokesman: "As smartphones are the primary means of accessing the Internet in some countries, this has tempted criminals around the world to invest in scams that target these devices."

Alert of the Week

Sorry, you didn't just get selected to be featured on the HGTV show Property Brothers.

The long-standing scam in which victims are told they've been selected for the popular show has now popped up on Facebook.

Apart from a couple of spelling mistakes, the main giveaway is a request for upfront money -- that's not how the show works.

That's all for today -- we'll see you next week.