SMS phishing leads to an advance fee spam scam across Europe

AdaptiveMobile first noticed the scam 18 months ago and has monitored a steady increase ever since. It combines a phishing scam with subsequent spam and an advanced fee fraud; and conforms to typical SMS scams: each ‘run’ is short-lived and localized.

The first stage is the phish: Thousands of SMS messages are sent to subscribers in order to phish their account details. The lure is a promotional offer, such as “Upgrade your [redacted] account to make unlimited free calls to any network click on this link http://[redacted].com/online.htm or copy and paste into your browser.”

The link naturally goes to a fake site where the user is asked to enter his or her account details – after which the user is redirected to the genuine provider’s portal while the account details are sent to the scammer. Armed with the user’s login details, the scammer then sends out thousands of SMS spams at the user’s expense; which can amount to thousands of Euros when the bill for international messages is delivered. By this time, the scammer has long since moved on to the next victim.

“Scammers are incredibly persistent and will continue to look for alternative methods for distributing SMS spam without getting caught,” says Ciaran Bradley, VP of handset security, AdaptiveMobile. “This threat is particularly worrying for operators looking to retain customer loyalty and trust, not only because users had fraudulent activity on their account but also, by imitating them, spammers associated them with the scam. On top of this it costs them significant amounts of money in international termination charges and having their fraud teams investigate the issue.”

The distributed spam is itself far from innocent. It’s an advance fee fraud. One example is, “Your mobile has won 330,000 AUD in Nokia/freelotto.ref No: NFL964. To claim send your name email and mobile to Nokiaconnect@[redacted].com tel:+4470[redacted].” Advance fee frauds make money by asking ‘winners’ to pay a handling fee, or shipping fee or any other advance fee the scammer thinks he might get away with.

What’s hot on Infosecurity Magazine?