2 weeks Ago
FBI tells smartphones users to ‘stop’. AFP via Getty Images American iPhone and Android users are being hit with a deluge of dangerous texts as organized Chinese gangs target states and cities across the country. And those attacks are now surging.
The FBI warns users to delete all such texts received, and to “ stop ” before responding or engaging with any unexpected messages. “Scammers often create a sense of urgency to rush you into acting quickly,” a frighteningly effective tactic. On Wednesday, the Federal Trade Commission reported that last year saw a 500% increase in annual losses to text scams over 2020.
“Consumers reported losing $470 million to scams that started with text messages,” it said. The report highlights package deliveries, fake job offers, banking fraud alerts and unpaid tolls as the key messages to watch out for. But the lure can be anything.
Messages will hide behind a brand or agency and will include a link to a website that will phish for credentials or take a fraudulent payment. These smishing attacks are supported by kits that are sold, rented or operated by Chinese cybercriminals. The links themselves are often a telltale sign that the text is a scam, using non-U.
S. domains with an extended link including multiple misleading keywords. You can read more about those links here , including the new ruse that disguises a malicious link as the genuine “.
com” address for the brand or agency being mimicked. New research last week highlighted the scale of some of the Chinese networks — such as Smishing Triad — behind the scams, and warns that the unpaid toll plague is just the beginning. The next wave of attacks is expected to copy major financial and banking brands, tricking users into giving up their credentials or moving their money.
SlashNext’s J Stephen Kowski told me the Chinese gangs "have evolved from targeting toll road and shipping customers to directly attacking international financial institutions, using sophisticated smishing techniques that bypass traditional security measures. These attackers are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google.” The FBI confirmed its smishing advice last month for all smartphone users: check your accounts using usual, legitimate websites or contact providers by phone, delete all texts received, and check your accounts and change your passwords if you’ve provided data.
According to Zimperium’s Kern Smith, “the latest wave of mobile SMS scams is a stark reminder that mobile devices and apps are uniquely vulnerable — and often under protected — against attackers," while the new reports “show the continued investment by cybercriminals in targeting mobile users.”.
