Skip to main content

SMS phishing attacks skyrocket as summer ends

The summer heat may be on its way out, but mobile scams are just gearing up for autumn.

In the first week of September, SMS phishing attacks rose by 913 per cent, making spam the number one text-based threat, according to a report from Cloudmark.

In a Friday blog post, Cloudmark senior security researcher Mary Landesman pointed to a single set of attacks that began on 4 September, as the culprit for the week's surge. Over the course of four days, more than 500 unique phishing scams were sent out by attackers.

Each one followed the same general format (as posted by Cloudmark) – "Fwd: Good Afternoon .Attention Required Call.(xxx)xxxxxxx" The phone numbers that victims were asked to call included area codes from New Jersey, Alabama, Texas, Illinois, New York, Rhode Island, Florida, Michigan, Georgia, California, Missouri, and South Carolina, as well as 866, 877, and 888 freephone numbers.

Cloudmark reported that the attackers were phishing for victims' sensitive credentials via Bank of America account suspensions, Macy's credit card collections, and the US Veteran's Administration health services.

Those who fell for the scam are at risk of being subjected to bank account theft, credit card fraud, or identify theft, Landesman stated. She suggested that anybody who received one of the SMS phishing messages should text the code 7726 to notify their network.

"And remember," she said, "never divulge sensitive information to any source you have not fully vetted. When in doubt contact your bank, credit card company, or health provider by known good numbers you have on file," Landesman said. Never respond via the contact information sent in an unsolicited text message.

Last month, a researcher highlighted an iOS-based flaw that allowed scammers to spoof their identifies and make it look like text messages were coming from legitimate sources. Apple, however, said the problem was not unique to iOS.