The Metropolitan Police Service’s cybercrime unit has arrested a 20-year-old man who is behind the high-volume phishing campaigns as part of SMS Bandits to trick people into handling their account credentials.
The Metropolitan Police Service’s cybercrime unit has arrested a 20-year-old man who is behind the high-volume phishing campaigns as part of SMS Bandits to trick people into handling their account credentials.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>SMS phishing, or Smishing has been gaining popularity as a phishing channel to target unsuspecting victims. With the right software, it can be almost as easy to send mass smishing messages as it can be to send email phishes. </p> <p> </p> <p>People receiving links via SMS are often less suspicious when compared to links in emails, and have fewer tools available on their phone to easily validate the authenticity of a message. Therefore, it\’s vital that people are made aware of these scams and remain vigilant about them. </p> <p> </p> <p>Organisations also need to be mindful of how they communicate with their customers and if they do use SMS, to not include links. Rather, invite people to navigate to their site directly. </p> <p> </p> <p>It\’s great to hear the suspect behind SMS Bandits has been apprehended, but Smishing is here to stay, and will only increase in frequency and sophistication over time.</p>
<p>It should be noted that just as we see SaaS solutions for legal businesses, what has been taken down here is a SaaS solution for criminals, essentially a service providers with the means to facilitate part of the fraud, the distribution, but not committing the end fraud which is left to the buyer, the other criminals. Just as EncroChat provided criminals a means of encrypted communication without requiring individuals to arrange secure communications, this service has provided criminals without the skills or means to do so to send a large volume of text messages.</p>
<p>This SMS phishing service will have picked up a lot of victims because most people are unaware that attackers also use text as a way to distribute phishing scams.</p> <p> </p> <p>Most security education focuses on telling people not to click suspicious links in emails, but very few warn about Smishing, which is very common and very easy for attackers to pull off.</p> <p> </p> <p>Companies should ideally avoid sending out text messages which include links that need to be actioned, instead they should use SMS as a means to send out information to customers. Anyone who receives an SMS from a source they do not recognise should treat it with suspicion, and never click on links or give away personal or financial information.</p>
<p style=\"font-weight: 400;\">Smishing continues to rampage through smartphones and catch people out due to the more authentic feel and the lack of ways to verify when compared to a traditional phishing email. Not only are people less suspicious when receiving text messages, these messages often come packed with a level of fear attached in order to manipulate the unsuspecting victims into clicking the link without even a moment to think.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">Anyone receiving such text messages with links must first spend time studying the URL. There will often be a clue in the wording that when inspected will highlight that it likely won’t take you to the genuine site. If ever in doubt, contact the genuine company on a number you find on the true website.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">It is also advisable to block such numbers from texting you, as well as contact your service provider who can take action against spam messages. Although this won’t completely eradicate the problem, it may help towards receiving less unsolicited messages in the future.</p>