SMS fraud, a headache for telecom operators
BARCELONA:
SMS fraud, or “smishing”, is on the rise in many countries, fuelled by the increasing use of smartphones. This is a challenge for telecom operators who are meeting at the Mobile World Congress (MWC), the sector’s biggest annual gathering, in Barcelona this week.
What is smishing?
Smishing is a cybersecurity attack carried out over mobile text messaging, also known as SMS phishing which target both individuals and corporations. The name is a play on the term “phishing”, the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers “In a smishing attack, cybercriminals send deceptive text messages to lure victims into sharing personal or financial information, clicking on malicious links, or downloading harmful software or applications,” Stuart Jones of US cybersecurity firm Proofpoint told AFP.
Scale of the phenomenon
It has grown rapidly in recent years, particularly during the Covid-19 pandemic due to the explosion in the use of smartphones for administrative procedures and internet purchases. According to a study carried out in ten countries by the Mobile Ecosystem
Forum (MEF), a telecoms industry trade association, 39 percent of consumers were confronted with at least one SMS scam attempt last year.
“It is a very serious issue globally,” said Janet Lin, head of development at Taiwanese cybersecurity firm PINTrust, during a panel discussion on the subject at MWC on Monday on the first day of the congress. An average of between 300,000 to 400,000 SMS attacks take place every day, according to cybersecurity firm Proofpoint, and that figure is expected to rise. In the United States alone, “smishing” cost consumers $330 million in 2022, more than double the losses reported in the previous year and nearly five times the amount lost in 2019, according to the Federal Trade Commission (FTC).
Why is it so worrying?
Smishing is considered more dangerous than e-mail scams because it is more difficult to identify the perpetrators, and because victims tend to think that their number can only be used by known people or organisations. “Many people still have a high level of trust in the security of mobile communications,” said Jones.
“Click rates on URLs sent in mobile messaging are as much as eight times higher than those for e-mail,” he added. The authorities also point to the growing sophistication of SMS attacks, with fraudsters using companies that specialise in the sale of personal data, or devices reserved for the army or police. Smishing rings have been known to use so-called IMSI catchers, also known as “stingrays”, which mimic cell phone towers to intercept communications from smartphones over a radius of 500 metres.