From online banking and storing sensitive personal information to managing a business and accessing services, mobile phones have become an extension of our identities. Fraudsters know this, and that’s why phones are a prime target for identity theft and financial crimes. Nearly one in three Americans (68.4 million people) have been victims of mobile phone scams, representing almost $40 billion in financial losses.
So how do cell phone scams work? Let’s understand the three main techniques used by fraudsters to target mobile users:
Phishing (or smishing) is probably the most widely used tactic in mobile phone scams. The average American consumer receives about 20 SMS per month, a number that has more than doubled over the past three years. Text messages usually start with a link (using a shortened URL) to some kind of survey, prize, or sweepstakes, or present an urgent notification regarding your bank account, credit card, or tax refund. Victims are typically prompted to visit a website, download an application, enter login credentials, or fill out a form on a page controlled by attackers. Once the victims complete the desired action, the attackers steal the victim’s credentials, bank account details, or other sensitive information, or infect the device with malware to carry out further attacks.
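The traits described above (a link, often shortened, combined with a prize lure or an urgent account notice) can be turned into a simple triage score for texts that users report. The Python sketch below is an added example, not part of the original article; the shortener list, keyword patterns, weights and sample messages are constructed assumptions.

```python
import re

# Well-known public link shorteners (illustrative list, not exhaustive).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "ow.ly"}
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)

# (pattern, weight) per lure type named in the article; weights are assumptions.
LURES = {
    "prize_lure": (r"\b(survey|prize|sweepstakes|gift ?card|won)\b", 2),
    "account_notice": (r"\b(bank account|credit card|tax refund)\b", 2),
    "urgency": (r"\b(urgent|immediately|suspended|locked)\b", 1),
    "credential_request": (r"\b(log ?in|password|pin|verify)\b", 2),
}

def score_sms(text):
    """Return (score, [indicator names]) for one SMS body."""
    hits, score = [], 0
    hosts = [h.lower() for h in HOST_RE.findall(text)]
    hosts = [h[4:] if h.startswith("www.") else h for h in hosts]
    if hosts:
        hits.append("link")
        score += 1
    if any(h in SHORTENERS for h in hosts):
        # A shortener hides the real destination from the reader.
        hits.append("shortened_url")
        score += 2
    for name, (pattern, weight) in LURES.items():
        if re.search(pattern, text, re.I):
            hits.append(name)
            score += weight
    return score, hits

def triage(messages):
    """Rank messages so the most suspicious are reviewed first."""
    return sorted(((*score_sms(m), m) for m in messages), key=lambda r: -r[0])

# Constructed sample messages (not real traffic).
SAMPLES = [
    "URGENT: your bank account is locked. Verify your login at https://bit.ly/EXAMPLE1",
    "Congratulations! You won a gift card. Take our survey: tinyurl.com/EXAMPLE2",
    "Your dentist appointment is tomorrow at 3pm. Reply C to confirm.",
    "Your parcel tracking: https://www.example.com/track/123",
]

if __name__ == "__main__":
    for score, hits, msg in triage(SAMPLES):
        print(f"{score:2d}  {', '.join(hits) or 'none':60s}  {msg[:40]}")
```

A keyword score like this only prioritises review; a low score does not make a message safe, since targeted lures often avoid these patterns.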
Voice phishing (or vishing) is another form of phishing where scammers call unsuspecting victims pretending to be legitimate businesses or people they trust. Attackers may use a combination of scare tactics and emotional manipulation to gain the victim’s trust and deceive them into performing an action. Common examples include neighborhood calls, tax refunds, healthcare scams and tech support calls. In addition, robocalls (scam calls that use recordings instead of humans) are a widely used tactic in vishing. Americans received 50.5 billion robocalls in 2021, and robocalls are the number one cause of complaints to the FCC.
3). SIM swapping
Mobile phones are used for authentication purposes by banks and other service providers (via one-time passwords or passcodes) as a means of verifying identities. If crooks can somehow gain access to a phone’s SIM card, they can take control of text messages, emails, and other sensitive information. SIM swapping is the fraudulent act of transferring a mobile SIM card to the ownership of a scammer, who then uses it to compromise the victim’s digital identity or banking credentials. To do this, the attackers steal the victim’s SIM card or use the victim’s personal information to scam the mobile operator into transferring the victim’s number to another device controlled by the scammer. Earlier this year, the FBI issued an alert highlighting $68 million in losses attributed to SIM swapping.
How Users Can Avoid Being Victimized
Some mobile phone scams can be very targeted, making it difficult for even the most security-savvy user to detect them. Here are some best practices that can help:
- When you receive an unexpected text message, watch out for common warning signs such as spelling mistakes, grammatical errors, unexpected prizes, or gift cards.
- Be careful with links in SMS messages. If in doubt, visit the website directly instead of clicking on the link.
- Do not connect your phone to unknown Wi-Fi networks or unknown Bluetooth devices. Avoid sending sensitive information over public Wi-Fi unless the network is secure.
- Only use mobile apps from your phone’s official app store. Avoid downloading apps from a browser. Beware of unknown developers or apps with bad reviews. Don’t grant admin privileges unless you really trust the person. Keep apps updated to make sure they have the latest security patches.
- Beware of advertisements, giveaways and contests that can lead to phishing sites that steal information. Pay special attention to URLs. Avoid saving login credentials in web browsers – they can be easily hacked.
- Do not respond to phone, social media, or email inquiries for financial data or sensitive information such as credentials or access PINs. Never return missed calls from unknown numbers or unknown country codes. Provide account information only on calls that you initiated, not the other way around.
- If you’re a business owner, make sure your users receive regular security training and follow cybersecurity best practices when using mobile phones. Run tabletop exercises and phishing simulations with real-world examples so employees develop their muscle memory to recognize and report phishing and social engineering scams.
More than 80% of cyber incidents are due to human error. Being aware of what spam looks like in all its different disguises will go a long way towards reducing the likelihood of a successful phone hack. The fact is, phone and text scams aren’t going away anytime soon.
About the Author:
Stu Sjouwerman is founder and CEO of KnowBe4 [NASDAQ: KNBE], developer of security awareness training and phishing simulation platforms, with 50,000 customers and over 25 million users. He was co-founder of Sunbelt Software, the anti-malware software company acquired in 2010. He is the author of four books, including “Cyberheist: The Biggest Financial Threat Facing American Businesses”. He can be contacted at [email protected]