HOW TEXT SPAMMERS TRY TO TRICK YOU
Going local makes them look legit
(Editor’s note: This is the inaugural CyberTruth column, which explores trends and breaking news in the cybersecurity field.)
SEATTLE If you use an Internet-connected smartphone, touch tablet, ereader, notebook, laptop or desktop computer you ought to care about cybersecurity and online privacy. Here you’ll find information you can use to live your digital life more securely — and on terms of your choosing.
So let’s drill down on a particularly nasty form of fraudlent spam that’s on the rise: SMS text-messaging spam.
Spam is most familiar as obnoxious pitches for dubious products that most of us are used to ignoring. But cybercriminals have figured out that they can trigger any number of lucrative scams if they can get us, via a text message, to do something, such as click on a link, send a text or make a phone call.
The immersive Internet cloud and our love affair with mobile devices combine to make a perfect platform for clever spammers. Text messages are cheap, anonymous and scalable. And we haven’t learned to be as wary as we should be of messages that arrive on our phone screens.
So spam gangs are increasingly supplementing their e-mail campaigns with SMS spam. Their singular goal is to get more of us to click on more of their messages.
The elite spam gangs are making high use of tracking techniques, pio- neered by the likes of Google and Facebook, to infuse more efficiency into their scam campaigns. Each time you type your phone number into a Web form, such as your Facebook profile page or a Web survey, that data get compiled, stored and sold to marketers, including spammers.
The best-and-brightest spammers are obtaining and using these lists of active numbers. Anyone can go online and buy lists of 100,000 numbers, broken down by carrier, for as little as $400.
One particular gang has begun sending messages to active numbers in certain area codes — after first correlating smaller local banks to phone numbers, says Gareth Maclachlan, chief operating officer of AdaptiveMobile, a British firm that supplies telcos with traffic-monitoring systems.
In early April, AdaptiveMobile recorded spammers targeting an exact location in Tennessee with 11,738 spam messages in a single attack. This was part of a much larger scheme to reach patrons of smaller financial firms in several states with SMS text messages advising each recipient that his or her bank card had been deactivated, and supplying a phone number to call.
“If you target a particular message to individuals living in a particular town, and you know the local bank there, you’re likely to get a better hit rate than if you mass marketed the whole of the U.S. with a well-known bank,” Maclachlan says.
On the other end of the line: a con artist poised to trick the victim into divulging access information. The spammers wouldn’t do this, if they couldn’t cash in quickly. They likely are collaborating with other gangs who recruit and manage “money mules” assigned to instantly transfer funds through several online accounts and, finally, extract cash from an ATM.
The lesson: Each tidbit of information you divulge about yourself online is valuable — to legit marketers and shady spammers. So be savvy, and be safe.