SmartPhones & Cell – Phone Scams and Trickery

My editor, Don, recently told me that he wasn’t familiar with SMISHING. This article is dedicated to you, Don.


News on Smart Phone Scams!!!

Your cellphone alerts you with your favorite tone: a text message or phone call has come in. It has your bank’s name and some disturbing news. Something odd is going on with your account… “please contact us at the following number to clear this up”… there is a sense of urgency in the text message. You’ve just been “smished.” When you call the number the text gives you for your bank, you’re actually connecting to the scammers, who ask for your account number, PIN, Social Security number: the raw material of identity theft.

A new year means a new scam, this time, targeting cell phone users. Like traditional “phishing,” “smishing” attempts to get cell phone users to click on a link included in a text message. Schemers often pose as banks or lottery sweepstakes asking customers to contact them immediately about a pressing issue that needs to be discussed. BBB warns about the latest smishing scams and provides the following advice to avoid becoming a victim.


Bogus bank alerts lead in smishing attacks. But you may also get texts promising a free laptop, mortgage assistance or lottery winnings. A message may just say, “Short on cash? Reply here!” One new come-on is a supposed free security app to get you to click on a link that in fact downloads identity-stealing software to your phone.

In computing, smishing is a form of criminal activity that uses social engineering techniques similar to phishing, but targets cellular phones. The name is derived from “SMS phishing”; SMS (Short Message Service) is the technology used for text messages on cell phones. The victim receives an SMS message with a hyperlink through which malware automatically finds its way onto the cellular phone, or which leads the victim to a phishing site formatted for cellular phones.

Example of a smishing message:

In many cases, the smishing message will show that it came from a random 3 or 4-digit number,  instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, and not sent from another cell phone.
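The warning signs described so far (a 3- or 4-digit sender, an urgent bank alert with a callback number, a link, a lure, a request to reply) can be checked mechanically. The following is an added example, not part of the original article; the regular expressions, finding names and sample messages are constructed assumptions for illustration.

```python
import re

# Indicators taken from the article's description of smishing texts.
# The patterns are illustrative assumptions, not a vetted spam filter.
LURES = re.compile(
    r"free laptop|mortgage assistance|lottery|short on cash|security app", re.I)
URGENCY = re.compile(
    r"immediately|urgent|suspended|unusual activity|clear this up", re.I)
LINK = re.compile(r"https?://\S+|\bwww\.\S+", re.I)
CALLBACK = re.compile(
    r"(?:call|contact)\b.{0,40}?(\+?\d[\d\-\.\s\(\)]{8,}\d)", re.I)
REPLY = re.compile(r"\breply\b", re.I)


def triage(sender, body):
    """Return the names of the article's warning signs present in one SMS."""
    findings = []
    # A 3- or 4-digit sender usually means the text came via an email gateway.
    if re.fullmatch(r"\d{3,4}", sender.strip()):
        findings.append("short-numeric-sender")
    if LINK.search(body):
        findings.append("embedded-link")
    if CALLBACK.search(body):
        findings.append("callback-number-in-text")
    if URGENCY.search(body):
        findings.append("urgency")
    if LURES.search(body):
        findings.append("lure")
    if REPLY.search(body):
        findings.append("asks-for-reply")
    return findings


# Constructed sample messages (not real traffic).
SAMPLES = [
    ("5432", "First Example Bank: unusual activity on your account. "
             "Please contact us at 555-010-0199 to clear this up immediately."),
    ("1010", "Short on cash? Reply here!"),
    ("+15550100123", "Running late, see you at 6."),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, triage(sender, body))
```

A message that trips several of these checks deserves the treatment in the defense list: no reply, no click, and a call to a number you looked up yourself.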

To learn more, read the definitions below:

Botnet:


A botnet is a collection of software agents, or robots, that run autonomously and automatically. A botnet uses any number of internet-connected computers that inconspicuously forward e-mails (which include spam, malware, or viruses) to other computers on the internet. These infected computers, also known as “zombies,” also deliver DoS (Denial of Service) attacks, which often rely on thousands of zombie PCs.

 

Pod Slurping:

It is the act of using a portable data storage device such as an iPod digital audio player to illicitly download large amounts of confidential data by directly plugging it into a computer where the data is held. As these storage devices become smaller and their storage capacity becomes greater, they are becoming an increasing security risk to companies and government agencies. Access is gained while the computer is unattended.

BlueBugging:

It allows a skilled person to illegally access a cellular phone via Bluetooth wireless technology, more often than not without the phone’s owner noticing. A vulnerability such as this allows phone calls to be made, SMS messages to be read and sent, phonebook contacts to be erased, phone conversations to be tapped, and other malicious activities. Fortunately, widespread impact is minimized because of the range of Bluetooth technology. Access is only attainable within a 10 meter range of the phone.

 

Ransomware & Scareware

Ransomware makes a computer unusable, then demands payment in order for the user to regain full access. Ransomware is also commonly referred to as a “cryptovirus” or “cryptotrojan.” First it will disable an essential system service or lock the display at system startup and encrypt some of the user’s personal files. It then prompts the user to enter a code obtainable only after wiring payment to the attacker, or urges the user to buy a decryption or removal tool. Ransomware originated with a trojan called PC Cyborg.

Scareware is software that tricks computer users into downloading or purchasing it, under the guise of fixing their computer. Scareware programs often run a fictitious virus and malware scan, and then present the user with a list of malicious programs or problems that must be corrected. The scareware informs the computer user that in order to fix these “problems” the user must pay a fee for a “full” or “registered” version of the software. Examples of scareware include: System Security, Anti-Virus 2010, and Registry Cleaner XP.

 

Sidejacking:

Sidejacking is a hacking technique used to gain access to your website-specific accounts. Websites typically encrypt your password so it cannot be stolen, but then send you an unencrypted “session-id”. The session-id is either some random data in the URL, or more often, random data in an HTTP cookie. A hacker who finds the session-id can then use it to gain access to the respective account, which enables the hacker to read your email, look at what you’ve bought online, control your social network account, and so on.

This information is then used to create duplicate credit/debit/ATM cards that are used halfway around the world, within 30 minutes. Whatever the method, the goal is the same: to get your personal information and money.
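The sidejacking weakness described above comes down to a session-id that travels unprotected, either in the URL or in a cookie without the right attributes. The following is an added example, not part of the original article, showing how a site owner could audit a response for that exposure; the list of session names, the `shop.example` host and the header values are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameter and cookie names that commonly carry a session-id (an assumed list).
SESSION_NAMES = {"sid", "sessionid", "session_id", "phpsessid", "jsessionid"}


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {attribute: value})."""
    first, *rest = [part.strip() for part in header_value.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_response(url, set_cookie_headers):
    """List the sidejacking exposures visible in one HTTP response."""
    findings = []
    parts = urlsplit(url)
    # Case 1 from the article: the session-id is random data in the URL.
    for key, _ in parse_qsl(parts.query):
        if key.lower() in SESSION_NAMES:
            findings.append(f"session-id in URL parameter '{key}'")
    # Case 2: the session-id is random data in an HTTP cookie.
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name.lower() not in SESSION_NAMES:
            continue
        if parts.scheme != "https":
            findings.append(f"cookie '{name}' set over unencrypted {parts.scheme}")
        if "secure" not in attrs:
            findings.append(f"cookie '{name}' lacks Secure, may be sent in cleartext")
        if "httponly" not in attrs:
            findings.append(f"cookie '{name}' lacks HttpOnly")
    return findings


# Constructed inputs: a weak response next to a hardened one.
WEAK = audit_response("https://shop.example/home?sid=8f3a", ["sid=8f3a; Path=/"])
HARDENED = audit_response(
    "https://shop.example/home",
    ["sid=8f3a; Path=/; Secure; HttpOnly; SameSite=Lax"])

if __name__ == "__main__":
    print("weak:", *WEAK, sep="\n  ")
    print("hardened:", HARDENED)
```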

The Federal Trade Commission recently moved against a firm that was allegedly offering phony government loans by text. Five and a half million text messages were sent to cellphones in just 40 days — roughly 85 per minute, according to the commission. This firm also is alleged to have sold the numbers of people who replied asking to be removed from the list.

So here’s your defense:

  • Don’t reply. Even sending a “remove” or “stop” response to a smishing text tells scammers that your number is active. Schemers are preying on victims that text back and ultimately verify that the text has been sent to an active cell phone number. If the message has a link in it, never click it. Many schemers use this as a way to spread a viral attack on your phone.
  • Block suspicious numbers. Your cellphone provider may be able to block numbers where the texts and calls originate. If you believe you have fallen victim to a “smishing” bank scam, call your bank. They’ll be able to tell you if the text is legitimate.
  • Your bank is texting you? Look up its number yourself — don’t trust the one provided in the text — and call.
  • Don’t store credit card and account login information in emails or notes on the phone.
  • Set your phone to time out and lock after a short period. If it’s stolen, thieves won’t get personal information.
  • Install updates. When you receive a bona fide notification of an upgrade to your phone’s software, install it immediately. If you doubt the message is legitimate, call your cell or app provider.
  • Do your research – If you believe you have fallen victim to a “smishing” lottery sweepstakes scam, contact your BBB directly and, if it is a scam, file an official complaint against the business that sent the text.
  • CONTACT THE FEDERAL TRADE COMMISSION – The FTC works to legally prevent fraudulent business practices in the marketplace. You may file a complaint with the FTC by calling 1.877.382.HELP (4357).

    To keep yourself informed and prepared so that you can be super-powered as a savvy consumer…..visit Tekknowgerl for articles, tips and suggestions.
