In an ever-evolving mobile communication ecosystem, text messaging has revolutionized the way in which people and businesses communicate. From a one-on-one communication perspective to a comprehensive mobile marketing platform for businesses, over 18 million texts are sent every minute, which keeps growing every day.
The growing success of SMS (Short Message Service), MMS mobile marketing platforms has lured cybercriminals to take advantage of users and expand the SMS threat landscape.
“Your bank accounts have been temporarily suspended. To unlock your card, click here-”
The message captures the user’s attention immediately and an instant reaction will prompt them to click on the said link. Such messages are socially engineered attacks that are referred to as ‘Smishing’(SMS phishing), much like an email phishing attack, which tricks the user into providing information that benefits the fraudster. Despite having spam filters on mobile devices, such messages can bypass security walls to enter your device.
“Congratulations! You’ve won a gift card worth Rs.2500 on a recent payment of your credit card. Click on the link to claim the reward”
Such messages have a higher open rate as people are misguided into thinking that the sender is the bank and the prize being offered is legitimate (owing to rising online transactions in the wake of COVID-19). Given the nature of SMS, dangerous URLs are disguised as harmless web pages.
In an era of one-click marketing where the goal is to garner response through a direct reply or clicking on a link to complete the survey and take home a coupon, fraudsters use it to their advantage using the same technique. Thus, the SMS threat landscape expands as users click the link without verifying the URL and sharing their information. In other instances, the text directs the victims to a website on the pretext of a small gift in exchange for survey participation. The website asks for credit/debit cards, personal details, or bank account numbers to cover the shipping charges, and the victim falls prey to such schemes’ by divulging the details without a second thought. The entire notion for fraudsters revolves around incentive-based fraud which rarely raises suspicious eyes.
In a recent incident, fraudsters targeted PayPal users by sending SMS which said that their account had been ‘permanently limited’. In order to verify the account, the user had to log in using their PayPal credentials to get it up and running again following the link shared on the SMS. The webpage had all the elements of an authentic PayPal website, only with different URLs that went unnoticed by victims. Another payment processor, PayTm, has also been a victim of SMS fraud.
All mobile marketing platforms and businesses are in a tough spot as such frauds are an inherent risk to their brand reputation and revenue streams. Protection against SMS fraud is an important element of not just brand safety but also an important application of mobile security and data protection. All such personalized messages, and branding content that looks legitimate can be a sign of SMS fraud. Fake branding is a scammer’s favorite weapon to trick people. It is important to have tools and measures in place to verify the authenticity of the texts and always be cautious before clicking on any unwanted link to keep trouble away.
