In this guest post, Stuart McBride, Head of Threat Intelligence at AdaptiveMobile Security looks at the top text message scams documented throughout 2021, and examines the new, and old, tactics employed by the scammers.
Once it seemed that SMS was yesterday’s technology, so worrying about text message scams may have seemed like paranoia, and investing in SMS security an unnecessary expense. Smartphones brought the ‘real’ Internet to our pockets and new apps offered multiple options for rich messaging.
But simultaneously a new industry of messaging APIs and access to our handsets was growing, and now it’s hard to think of a service provider who doesn’t try to reach you by SMS. Doctors, Refuse Collectors, your Insurance Company and of course the Postal Service and the many Parcel companies delivering items – both expected and unexpected – all reach out by text. With good reason. While emails get lost in the mass of unread messages, the “Promotions” tab or the Junk folder, far fewer text messages go unread.
Whereas SMS scams previously targeted the credulous, interrupting the personal exchanges to announce some unexpected news, they now hide much more comfortably and believably amongst the expected notifications. Depending on the network, a fraudulent text message may even appear to come from the same sender as legitimate messages you’re accustomed to receiving.
In this article, we take a look at the top text messages scams that we saw in 2021.
Top SMS Scams
If there was one standout tactic that scammers have employed over the past year, it would be hiding under the cover of “expected” messages.
1. Covid-19 fails to go away
Like the virus itself, mentions of Covid-19 came in waves and may never entirely go away. They ranged from suspiciously generous offers:
“Due to COVID -19, Netflix is giving everyone a free 1-year subscription to help you stay at home. Get yours here
to direct offers of help:
ALERT: Marie, Congress Could Sign 1.9tn Covid StimuIus Package! -Stop2Quit- Do You StilI In Need of Hardship Aid?
ALERT: Josh, Congress Reaches 900biIlion Covid Relief Deal! -Stop2Quit- Are You StiIl In Need of Economic Assistance?
But the bigger opportunity for scammers was exploiting the “new reality” that working from home and generally staying home has introduced, e.g.
- Home deliveries replacing traditional retail
- More online banking
- More Netflix subscriptions
Whether it’s your own or your car’s health, you’ll be offered a pick of insurance policies by SMS. But more often than not you’d be better off not taking them. A good rule of thumb may be to never trust an insurer who can’t spell.
Yourr insurance is $$ 39/month here now. Best rates around! http://fakes
We are having a down payment speacila today if you still need auto insurance please call nnn-nnn-nnnn.
But better advice may be to always source your own insurance from the many trustworthy avenues available, and don’t respond to text scams.
3. Scammers deliver
Parcel delivery scams ran all year, spiking in the summer months.
U S P S/(Alert!): We are Unable to delivery your Parcel Number :US33490118590 , please update your shipping address check here :
ORDER ERROR: You have (1) PAID item in your cart. You forgot to set delivery preferences. Update delivery preferences NOW:
WALMART ORDER: You have (1) PAID item in your cart. You forgot to set delivery preferences. Update delivery preferences NOW:
While one may think of phishing/smishing as a scheme to obtain banking details, with the risk of immediate financial loss, some scams may simply ask for your name and address for “delivery” and add it to the phone number they already have for use in a more complex follow up.
The biggest delivery scam of the year came in April, with the FluBot malware using parcel delivery messages (among others) to encourage the recipient to download malware to their Android phone.
4. Plenty more phish
Bank phishing has become the classic SMS scam and 2021 was no different. What perhaps changed was the number of targets and hence the likelihood of a successful phish. With increased authentication requirements for larger online credit and debit card transactions, even some of the most ardent hold-outs from online banking will have relented during the past two years.
[53rd-Bank] #ID309: An online payment of $89.50 has been deducted. IF THIS WAS NOT YOU, Please verify below:
Due to unusual activity, we have placed a temporary hold on your online banking. To(Con’t) 2 of 4remove this hold , kindly verify your identity into details with the link provided HERE
(CITI-BANK-FRAUD-DEPT) A hold has been placed to online banking due to recent activity. To restore full access go to
Ćįti – We have freezed your banking account due to unusal logins from
5. A new oil to cure all
Cure-all health scams have entered popular culture via the “snake oil salesman,” which involved a travelling salesman with dubious medical qualifications promising miracle cures from his bottle of snake oil.
Without commenting on the efficacy of any particular remedy, miracle cures are still regularly pushed through aggressive spam campaigns. With CBD [link] now legal in many territories, its apparent wide-ranging benefits are pushed daily through SMS:
You have been selected for a CBD extract in gummy bears free sample. The benefits are insane. This ends tomorrow
Breakthrough new revolutionary CBD Gummies that handles Type-2 immediately blows the sharks away.Drops A1C On The Spot!Heal Your Type 2 TodayGet Yours Right Now
Are you or a loved one struggling to quit smoking? These Revolutionary new miracle CBD Gummies eliminates nicotine cravings completely. Get Yours Right Now
SMS text scams are not just a pain for mobile network operators. They affect brands, aggregators and consumers worldwide. Therefore, the security of messages should not be looked at purely from the operator’s point of view. Protection can be delivered at point of origin on the aggregator side, in transit or before delivery on the operator side.
Over the last year, we have seen that more and more Communication-Platform-as-a-Service (CPaaS) providers are embracing security as an added value. Considering the is growing, this is a positive trend in order for them to differentiate, avoiding the risk of their messages being blocked by operators and improving message delivery rates and, consequently, their revenues.
When a customer falls victim to a bank phishing attack, compromising their data or losing money, they don’t just think about their network operator, the name of the bank used to commit the crime faces major reputational damage as well. Mobile Network Operators, CPaaS providers, aggregators, enterprises and the entire mobile-ecosystem need to work together to protect subscribers and maintain the SMS channel as a trusted means of communication.
There are security solutions available such as SMS firewalls and messaging intelligence managed services that have proven very effective in drastically reducing text message scam traffic and protecting consumers, brand reputation and revenues.
This blog post originally appeared on the Adaptive Mobile Security Website and is re-used here with kind permission