SMS fraud, a headache for telecom operators


An average of between 300,000 to 400,000 SMS attacks take place every day, according to cybersecurity firm Proofpoint, and that figure is expected to rise. — Bloomberg

BARCELONA: SMS fraud, or "smishing", is on the rise in many countries, fuelled by the increasing use of smartphones.

This is a challenge for telecom operators who are meeting at the Mobile World Congress (MWC), the sector's biggest annual gathering, in Barcelona this week.

What is smishing? Smishing is a cybersecurity attack carried out over mobile text messaging, also known as SMS phishing which target both individuals and corporations.

The name is a play on the term "phishing", the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers

"In a smishing attack, cybercriminals send deceptive text messages to lure victims into sharing personal or financial information, clicking on malicious links, or downloading harmful software or applications," Stuart Jones of US cybersecurity firm Proofpoint told AFP.

What is the scale of the phenomenon? It has grown rapidly in recent years, particularly during the Covid-19 pandemic due to the explosion in the use of smartphones for administrative procedures and Internet purchases.

According to a study carried out in ten countries by the Mobile Ecosystem Forum (MEF), a telecoms industry trade association, 39% of consumers were confronted with at least one SMS scam attempt last year.

"It is a very serious issue globally," said Janet Lin, head of development at Taiwanese cybersecurity firm PINTrust, during a panel discussion on the subject at MWC on Monday on the first day of the congress.

An average of between 300,000 to 400,000 SMS attacks take place every day, according to cybersecurity firm Proofpoint, and that figure is expected to rise.

In the United States alone, "smishing" cost consumers US$330mil in 2022, more than double the losses reported in the previous year and nearly five times the amount lost in 2019, according to the Federal Trade Commission (FTC).

Why is it so worrying? Smishing is considered more dangerous than email scams because it is more difficult to identify the perpetrators, and because victims tend to think that their number can only be used by known people or organisations.

"Many people still have a high level of trust in the security of mobile communications," said Jones.

"Click rates on URLs sent in mobile messaging are as much as eight times higher than those for email," he added.

The authorities also point to the growing sophistication of SMS attacks, with fraudsters using companies that specialise in the sale of personal data, or devices reserved for the army or police.

Smishing rings have been known to use so-called IMSI catchers, also known as "stingrays", which mimic cell phone towers to intercept communications from smartphones over a radius of 500 metres.

How can it be fought? Many countries have set up reporting platforms to which people can forward suspicious SMS messages, leaving it up to the authorities to block the numbers.

Image-conscious telephone operators have also set up teams capable of filtering out some of the fraudulent SMS messages, aided by the reporting tools of operating systems such as Android and iOS, and messaging systems such as WhatsApp.

However, this task often turns into a cat-and-mouse game, with fraudsters constantly changing their number. Fraudsters also take advantage of differences in laws in across the globe to get away with their attacks.

"While regulators in Europe, the United States, and China have been tightening the rules, other regions, such as Africa and Latin America, find themselves with limited regulatory frameworks," the ITW Global Leaders' Forum, a network of telecoms executives, wrote in a report.

One of the keys to fighting smishing is prevention, experts say.

"Consumers need to be very sceptical of mobile messages that come from unknown sources. And it's important to never click on links in text messages, no matter how realistic they look," said Jones. – AFP

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Tech News

HP, Dell's weak forecasts spark share selloff, doubts over PC market recovery
Does your teen recognise AI? Do you?
Elon Musk asked people to upload their health data. X users obliged.
India probes Google Maps after three deaths
Video game console makers confront performance ceiling
At least S$40,000 lost to Netflix phishing scams in Singapore since October
This Chinese humanoid robot is going open source
OpenAI allows employees to sell $1.5 billion stock to SoftBank, sources say
Why scrolling on digital devices could actually make you more bored
Canada AI project hopes to help reverse mass insect extinction

Others Also Read