As we have covered before, spammers will often reference popular or topical events in the spam messages they send to their victims, in order to makes their attacks more impactful and trick the victim into doing something- whether that be to ring a number, click a link or respond to the spammer. From political events, to video game releases or even just seasonal events, using what is currently in the news is a tried and trusted attack technique for spammers across all messaging mediums including SMS.
Predictably, and sadly, in recent weeks our expert Threat Intelligence analysts at AdaptiveMobile Security have seen the rise of SMS Spam attacks relating to the Coronavirus (Covid-19) pandemic, targeting vulnerable mobile network subscribers. These SMS Spam attacks attempt to use the fear around the Coronavirus worldwide emergency to try to push their targets to respond to the SMS spam, and so monetise (i.e. make money from) the attack.
As the biggest news event affecting the world today, this is not unexpected, and it is not only the SMS channel that is receiving Coronavirus-themed attacks, attacks featuring or using the pandemic are happening currently across email spam, malware and malicious domains. There is prior history here too, other previous 'news-worthy' disease outbreaks in the past, such as H1N1/swine flu , MERS and Ebola have also witnessed similar ’spam outbreaks’.
However, given the scale of the Coronavirus outbreak, and the fact there will be enough fear and uncertainty resulting from the pandemic during the coming weeks and months, we should not let spammers exploit that fear for their own gain. To help educate people on what this spam looks like, we profile here the type of spam attacks that we have seen in the US over the last few days, so those that receive these messages know how to react and respond if they come across these scams, or others like them.
A note on the messages below and what is spam. With our mobile operator customers we work to block spam based on standard industry definitions, that is: bulk and unsolicited messaging being sent to mobile phone users. The content of the message itself is actually not relevant for this. But by looking at the format of the resultant reported and blocked spam we can then break them up into different types.
What these messages look like
In general, we are seeing and blocking many types of Coronavirus themed spam being sent in the US. There is a considerable amount of overlap, but in general there are probably 3 main types that are relevant. Examples of these types are below:
Spammers use these types of messages to entice the target of the message to signup for something which is being given away, the theme here is they imply this help the target person during the Coronavirus pandemic. One normal example are payday type loans. Emotionally charged messaging based on fear, like “banks maybe[sic] closing“push the target to sign up as soon as possible.
These types of messages are designed in order to make the target think the spammer has public health information of value to the target, and they need to respond back with their details. Spammers use these kinds of message to ‘harvest’ the phone number of people who may be worried about the pandemic, and then follow up with more messages. If the target responds they may not receive any specific information of this type, but would then normally start receiving multiple other types of spams, such as Giveaways, or goods being sold.
Finally, these messages attempt to sell something that they state can help with Coronavirus, with the emotional implication that these are needed to keep the person and their family alive. Typical types of things are masks, survival guides, along with medically unsupported treatments such as CBD oil for Coronavirus. Regards of their efficacy, whether the recipient would actually receive any of these items is uncertain.
An example of one of these sites is the following. This is a typical website using the appearance of a Fox News type layout to appear legitimate/more professional and is attempting to sell Cannabidiol (CBD) oil. However, it is not associated with the Fox News website or domain in any way. Clicking on links within the fake website takes you to additional sites where you are asked to sign up and buy CBD oil.
What is the spread of Coronavirus spam, and what can you do
So far the overall amount of these attacks is relatively small compared to volumes of other more traditional types of SMS spam. We have different ways of measuring the impact, but as a rough guide, we can use number of complaints about received SMS spam as a rough proxy for overall volumes of sent SMS spam. This relationship is not fixed, but it works as a rough measurement. We can see below that for one typical US Mobile Carrier, Coronavirus themed spam accounts is still small, but you can see that it is growing - from a very low base a few weeks ago to its current level of 6.5% on Tuesday 17th of March. To quantify the impact, our estimates would be that on the 17th, that a range of tens of thousands to low hundreds of thousands of people in the US were targeted by SMS Spam Coronavirus-related attacks. Most of these would have been blocked, but some can get through as spammer adjust and change their attacks.
We hope to provide further details over time, but it is a safe prediction that as long as the Coronavirus pandemic remains in the news, we will be dealing with spam attempting to benefit from it.
Our advice to consumers is to be constantly vigilant. Do not click through on any links in SMS messages that you feel may be suspicious, or respond to unsolicited message. Plus in the US you can report these spam messages to your carrier by forwarding the message to the phone number 7726 . This helps the carrier (and us) identify and block more of these type of messages in the future.
Like a pandemic, these types of messages often hurt the most vulnerable people in our society. But in this case, there is something you can do – do not respond, and forward it to your carrier if you can. Finally, when it comes to medical information, our recommendation is to rely on information from official sources, such as the WHO and check with your country’s official government sources for information in relation to health and travel advisories.
Stay safe, wash your hands, and don’t click on strange links.
Many thanks to Cary Anderson and Stuart McBride for contributing to this blog
Cathal Mc Daid is one of the world’s foremost experts in Mobile Network security and his pivotal work in the industry has been recognized by the GSM Association. As CTO his role is to define the technology strategy and long-term technical vision, as well as to lead the team responsible for applied research in the fields of cybersecurity & mobile networks.