As SA has one of the largest mobile diffusion rates in the world, scammers are turning to SMS technologies to trick users, and deliver social engineering attacks.
This is the view of Dr Pieter Streicher, MD of BulkSMS, who says SMS attacks are alike to the 419-scams from Nigeria.
“The 419 e-mail scams usually speak of an inheritance that the sender is due, but needs a bank account in which to deposit the funds. As prize, the sender promises the bank holder a percentage of the inheritance for the use of the bank account.”
“These 419 scams are a threat,” says Chad Cleevely, SA channel manager at Symantec, “and these scammers are at present riding on the wave of publicity surrounding the World Cup.
“Research shows attackers are going directly after end-users, attempting to trick them into downloading malware or divulging sensitive information under the auspice that they are doing something perfectly innocent.”
“SMS phishing attacks are even more dangerous, as it is often a real person that asks for individually identifying details over the phone.” He gives the example of a user receiving a scam SMS alert for their Internet banking account, which could end off reading: 'If you have any enquiries, please contact (number)'.
“Users could fright if they haven't logged into their Internet banking service and right away phone the number provided, which is when the scam will occur.” He says once the scammers have gained Internet banking details there is nothing stopping them from accessing the online banking system and transferring money.
“Mobile operators can implement SMS filters which are able to recognize SMS scams and phishing attempts and block them,” adds Denis Maslennikov, senior malware analyst and mobile research group manager at Kaspersky Lab.
“Even if the scam or phishing message is sent via the Internet, it will have to proceed through the mobile operator's server and can be blocked there.”