By Zakir Hussain, CEO, BD Software Distribution Pvt. Ltd
Attackers continue to rely on SMS messages to spread malicious links and spam, and people continue to fall victim. The simple truth is that this scam strategy continues to work. As users, we have some simple tools that we can use to weed out malicious messages, complementary to the existing security solution.
Despite being treated as ancient technology, SMS messages are still widely used. They might not meet the same privacy standards as an end-to-end encrypted app, but they have other advantages.
For example, sending an SMS doesn’t require mobile data; instead, carriers deliver the messages.
SMS as a tool for companies
People have dropped SMS messages as a primary means of communication, but companies and even governmental institutions continue using these messages. Attackers know this and are always on the lookout for a way to slide their malicious messages into your inbox. It’s easy to blend in, especially when a malicious message might look like something official.
That’s not to say that SMS is unsafe as a technology, but people and security solutions working together could easily make this problem disappear. Attackers use specially crafted texts that seek to persuade people to click on links. And those texts are also the best way to recognize a malicious message.
The urgency
One of the most common ways to make people open a link is to impart a sense of urgency, saying the recipient must quickly carry out some action or face negative repercussions. Some of these urgencies sound important. When Europe was going through a natural gas or electrical power crisis, utility companies seemed to send SMS messages threatening to disconnect customers if they didn’t make a quick payment.
When tax season goes into full effect, people get warnings that there's a problem with their tax form or that they still need to pay more.
Another common type of message refers to a lost parcel or some minor payment that needs to be completed soon or else.
The else is crucial to the scammer. It’s also a red flag when filtering SMS messages. If something has to be done quickly under threat of punishment, it’s most likely a fraud, phishing scheme, or malware.
The winner
Since attackers also use the carrot and stick method, it’s easy to see the other types of malicious messages. The urgency is the stick, and the carrot is a promise of winning. Convincing users that they’ve won some great prize is also quite common, but sometimes it’s a small price to make it more believable. And all you have to do is pay a small shipment fee.
Finally, criminals will try to take advantage of significant events, like the Turkey earthquake, pleading for donations. It’s a safe bet that malicious SMS messages will follow immediately after something noteworthy happens, sometimes within hours.
If we remember that companies and governmental institutions don’t send ultimatums and threats via SMS messages and that nobody ever won anything without participating, the chances of us being scammed drop significantly.
It also helps to have a security solution that can screen SMS messages and warn users about dangers hidden within them. Knowledgeable users and a powerful security solution will make the life of criminals much more difficult.