A recent surge in SMS phishing attacks, which has tricked consumers into submitting sensitive information, has taken several security experts by surprise. A researcher stated that an attack at this scale was totally unprecedented and unexpected. The attacks which saw cell phones on all major carriers affected was believed to have started on Tuesday, asserted Mary Landsmen, a senior security research at Popular firm Cloudmark.
Putting a number on these attacks, Landsmen claimed that the number of phishing attacks in September rose by almost 900 percent. This figure is relative to the number of phishing attacks that would normally occur in a month. Investigation into the matter has revealed that attackers were using several ploys to obtain sensitive information. In fact there is not a single organisation that saw this coming, and consumers remain astounded after the attacks.
The ploys targets ranged from Bank of America’s suspended accounts, Macy’s collection of credit cards and even U.S veteran’s Administration health services. The concept was pretty simple. A number was sent to the recipent’s phone through an SMS asking to contact the number. When a consumer calls that number, an automated message tricks the victim into submitting the required information. Information obtained can then be used to target other accounts of the same victim. As an example, the ‘561’ extension number seeks information like PIN number and credit card number of their respective Back of America account. A total of 500 such messages have been sent out covering 20 different phone numbers to trick consumers into revealing their information.
The extent and intensity of this situation has forced several security companies into changing their priorities to tackle the problem of phishing through SMS alerts. In fact complaints posted in several web forums are clearly showing that many people have been duped through these scams. Landsmen cited that people being ill informed on such techniques is the main reason why such scams are successful. People fail to realise that just like Emails, cell phone numbers are also great junctions for extracting confidential information. In fact Landsmen stated that people consider their numbers to be “sacred” and thus fail to realise, their numbers are a potential information extracting site for hackers.
Failure to realise such simple facts has hackers running rampant by following random sequences to decide where the SMS is to be sent. People must understand that no company will ask for sensitive and confidential information over the phone no matter how important it might be. Also, consumers can also report such phishing scams (phone numbers) over by texting them to short code ‘7726’.
