As experts in mobile security, AdaptiveMobile Security’s Threat Intelligence Unit is familiar with countless messaging scams, from which we protect mobile subscribers. In this blog, the second in our messaging security series, I’ll be discussing the scam texts our team have detected – specifically the attack types we observe most frequently and the threat they pose to subscribers.
Global Threat Intelligence
See below an example of the volume and attack types picked up by our global Threat Intelligence Unit on a typical day. On average, 3 billion messages are scanned per day with 1% of those being blocked due to them being a potential security threat. The pie chart in the middle displays the submissions the team receives from mobile subscribers, some of which are clustered automatically as either spam or clean messages, and others that get investigated individually by our team of security analysts.
The last chart on the right offers an analysis of the main types of scams we have observed. The attacks I’ll be touching on in this blog are messaging scams that are most frequently observed, and those that come with the highest threat levels. That list includes phishing scams, payday loans/financial scams, gambling messages, adult messages, and malware attacks.
1. Phishing Attacks
The largest volume of attacks, shown in red, are phishing attacks. These are the most dangerous attacks to subscribers, as they are associated with the highest risk of financial loss. These attacks involve tricking users into handing over sensitive information which the attacker then exploits. Read more about this type of messaging attack here.
2. Loan Scams
We see a lot of messages pushing financial scams such as payday loans, which can result in information theft, blackmail and financial loss. The example below is of a car warranty scam picked up by our threat intelligence unit:
Greetings, It's Sally, at the car coverage team, will you please phone back on 866-9xx-xxxx about your 2019 Lexus vehicle warranty text UNFOLLOW to unsubscribe
In this message, the attacker is attempting to have the user call a number to discuss an alleged car warranty. The model of the vehicle referred to in the message is actually the vehicle belonging to the receiver of the message – This information can often be obtained from motor vehicle records, and in some cases is purchased from data collection firms. If the user decides to call this number, they will be informed that their car warranty is about to expire and will need to be extended. The scammer will attempt to get the subscriber to purchase an extended warranty from them which is usually worthless, thus defrauding the victim. These scams can also be used as a method of phishing, with the attacker requesting sensitive information over the phone.
3.Gambling and Adult Messaging
Gambling or adult messaging spam are usually promotional messages designed to get the user to sign up to an adult or gambling site. These messages can sometimes appear to have been sent by someone in the user’s contacts. Sometimes these gambling sites can pose more danger to the subscriber than they realize. The user’s information may not be secure on the website, putting themselves at risk of information and/or identity theft.
Malware attacks can be particularly difficult to track and block. Our Threat Intelligence team detects and closely monitors URLs that are known to spread malware. These spam text messages can result in malware infecting the mobile phone, with URLs redirecting the user to sites that have been set up specifically to spread malware, or pre-existing sites that have been compromised. The following is an example of an SMS message investigated by our Threat Intelligence Unit containing a malware link:
You have received an MMS message. Read here: http://xxxxx/xxx
The message claims that the user has received an MMS message, and to view it they must click the link. If the user does click the link, they are taken to a website and asked to download an app. Once downloaded, this app will install malware onto the device. Malware could be in the form of ransomware, spyware, adware etc. Read more about different strains of malware here. Although malware only represents a small portion of the mobile attacks we’re seeing daily, if this type of attack is successful it can result in serious consequences for the subscriber.
Messaging attacks remain an ever-changing threat, with new attack methods arising frequently as threat actors adapt to changing environments. Our threat intelligence team utilizes the global deployments of AdaptiveMobile’s Network Protection Platform to provide mobile network operators with advanced protection through the correlation and analysis of over 48 billion dark data events every day. Visit our security insights page to learn more.
Caitriona is a recent graduate of the National University of Ireland, Galway, where she completed a bachelor’s degree in global commerce. As part of her degree, Caitriona studied abroad in Canada and worked as a marketing intern back in Ireland. Over the course of her studies, she developed a passion for both marketing and cybersecurity, specialising in marketing in her final year. Caitriona is now working as a marketing assistant at AdaptiveMobile Security, a role that marries both of her passions.