Common Types of Mobile Cyber Attacks and How to Prevent them

/in /by

With the ubiquity of people owning smartphones and having a growing dependence on them for e-commerce, it has become an attractive avenue for cybercrime. Security researchers report a 500% surge of mobile cyber attacks, as scammers try to steal bank details and passwords or even get full control of phones. However, other forms of mobile malware have invasive snooping features that can record audio and video, wipe data and content, and track your location.

What Are Mobile Cyber Attacks?

Cyber attacks are malicious and deliberate actions by an individual or organization to breach the system of a phone. Usually, when this happens, the attacker is targeting a full compromise of the device, access to email and other apps, or access to sensitive data. The text messages and emails smartphone users receive are often linked to some viruses that are a form of malicious software oh, that would result in a remote takeover of the device. 

There’s a decent chance that many smartphone users have experienced a type of malware that infected their phones without their knowledge. Security researchers say that one-fifth of smartphone users have encountered malware, with four out of 10 phones vulnerable to cyber attacks, often Androids. Let’s look at various forms of malware:

Forms of Mobile Security Malware

As mentioned above, mobile malware is a type of spy malware specifically written to attack the phone – they rely on exploiting different operating systems and mobile technology. There are various forms of mobile malware, each enabling attackers to be more agile in their attacks. Here are a few of the most common:

Mobile Spyware

This type of mobile malware monitors and records information plus actions of an end user without their knowledge. Like other malware, mobile spyware is installed by a phone user unwittingly. The spyware will install on a phone when a user side loads a third-party software application, redirects to a malicious website, or leaves the device unattended. 

If successfully installed, the intruder may be able to eavesdrop on a phone user’s conversations and have access to data that’s on the phone and those transmitted by the device. Anyone can become a victim of mobile spyware; therefore, installing security protection is essential.

Rooting Malware

The Rooting malware works by gaining root access to your smartphone. It gives the malware heightened authority over your phone, allowing the attacker to do some nasty stuff while lurking on a device. This happens when a user visits spamming or phishing websites. If your phone becomes vulnerable to rooting malware, the attacker can delete or install applications and copy confidential information.

Mobile Banking Trojans

Mobile banking Trojans are the most dangerous form of mobile malware. They hack all mobile banking apps and try to steal information and money from the phone’s owner. Any phone users who have bank details on their phone are at risk of getting hacked with Trojans. 

Moreover, Android users are at the highest risk of getting hacked, as most of them usually pose as legitimate applications, so a phone user can unwittingly download the app.

SMS Malware

The mobile SMS malware uses short message services (SMS) plus other messaging applications to access your phone. Others use malicious websites and software to enact damage to phone users. Anyone, which is everyone who uses text messaging applications is at risk of falling victim to such malware. It sends unauthorized texts and emails without the user’s knowledge. Moreover, it can intercept calls and texts. Typically, this malicious software poses as legit mobile applications, making unsuspecting phone users believe it’s safe to install them.

How Does a Smartphone Get Infected?

Smartphone viruses work the same way computer viruses do. A malicious code infects the phone, replicating itself and then spreading to other devices by auto messaging to a user’s contact list or even auto-forwarding as emails. How does your smartphone get infected with such malware? 

There are various ways a phone can get infected, including:

  • Installing a malicious mobile application.
  • Opening or clicking links from malicious emails, websites, or texts.
  • Responding to emails, text messages, and voicemails phishing scams.
  • Using a smartphone that has a vulnerable operating system. A good example is using a phone with an operating system that hasn’t been updated.
  • Utilizing URLs and WI-FI that aren’t secure.

Signs to Watch Out for in an Infected Smartphone 

While it can be difficult to tell if a phone has been infected with malware, the phone may start acting a little weird. Some signs to watch out for include:

  • Poor performance: Some applications installed may take quite a long time to open or crash randomly.
  • Battery drains: The battery charge drains quickly due to the malicious system overworking in the background.
  • High consumption of mobile data.
  • Unexpected billing charges like high data usage costs, thanks to malicious software eating up all your data.
  • The phone may start overheating unexpectedly.
  • Unusual pop-ups.

Keep in mind that when your phone is experiencing these signs, it doesn’t automatically mean that it’s due to mobile malware. Sometimes, your battery is just old or malfunctioning, and you need a new one. If you change the battery, but you’re still experiencing battery drains and unexpected charges, it could definitely be infected, and this is your sign to look for ways to remove the malware.

Removing Malware 

Once you suspect your phone has been infected with a virus, there are various steps you can take. First things first, you’ll need to remove the malware to prevent further damage. Use these simple troubleshooting steps.

  • Shutting down and restarting: The process will help you prevent further damage when you don’t know where the malware is.
  • Activating safe mode: This will depend on the type of phone you’re using, as different types have different setup features for activating safe mode. You can use the phone’s manual to see how you can set up safe mode on your phone.
  • Uninstalling suspicious application: When you notice an application installed on your phone but didn’t recall installing it, it might be a malware, and you need to remove it as soon as possible.
  • Clearing browser history: You’ll first go to the settings section of the phone and click on clear data or website history. The process helps to get rid of pop-ups or text messages that are on your web browser.
  • Erasing all data: Factory resetting the phone is the last step to successfully removing malware on your phone. Keep in mind that factor resetting will automatically delete all data on your phone. Make sure you save all important information somewhere else before you factory reset.

Protecting your Phone from Malware Infections

After fixing your phone, it’s important to safeguard it from future infections and other security risks. Here are some preventative measures you can use to secure your phone.

Installing Mobile Security Application 

Antivirus apps ensure your phone isn’t infected with a malicious software application. They detect and alert the phone user of the potential risks of a malware attack. There are various free anti-malware solutions at your disposal; extensive research will help you settle on one that’s effective.

Be Wary of Public Wi-Fi

Connecting your phone to any public Wi-Fi can leave it vulnerable to mobile malware, especially if it’s not secure. Using hotspot devices for internet services while traveling will help you protect your phone from hacks. It’s also better to turn off your Wi-Fi and Bluetooth when they’re not in use to secure your phone from malware that can try to access it through public Wi-Fi.

Moreover, you need to be wary of public charging stations as some of them are compromised with malicious malware. Various reputable internet services offer secure Wi-Fi and hotspot devices that can limit the use of public Wi-Fi.

Social Engineering Scams

Have you ever been in a situation where an individual tries to manipulate you into giving up your personal information? Well, that’s what social engineering scams are all about. They try to entice you to let go of your passwords and bank details or try to get control of your computer. Usually, they come in the form of emails, text messages, and even phone calls. When such circumstances happen to you, and your gut feeling is not sitting right with it, evade it at all costs.

Update your Phone’s Operating System 

It’s wise to update your phone’s operating system when it tells you to do so. This is because it patches security gaps and improves your phone’s performance. Before you try to update the device, you’ll first have to:

  • Charge your phone.
  • Backup files.
  • Ensure your phone is compatible with the upgrade.
  • Delete applications that are no longer in use.

Avoid Jail-breaking or Rooting the Phone 

Rooting mainly applies to Android users. The process allows an individual to access a phone’s operating code. This process gives a user the authority to modify the phone’s program or install other programs that the manufacturer wouldn’t otherwise install. Jail-breaking, on the other hand, applies to iPhone users, which allows unauthorized individual access to the entire file system.

Encrypting Mobile Devices

The process allows mobile users to protect their information, making it hard for attackers to decipher the information when malware occurs. Therefore, encrypting information on your mobile phone is highly encouraged, such that when you lose your phone or misplace it, no one can attempt to access it and attain information.

Backing up Data

It allows phone users to access their data from other devices. This process is convenient for people who’ve lost their phones and may want to restore their old data on their new phones or after malware. The process is different for different phones; therefore, take a look at your manual to see how the process works for your phone.

Use Official Phone’s App Store to Download Application 

This may be an obvious solution, but an important one. If you’re browsing for a new game or other productive applications, use the Google Play store or Apple App Store. It will ensure you only download safe applications. It’s imperative to check the ratings of the application, reviews, private policy, and authority if available. You’ll determine which features on the phone the application can access after installation and accept those you’re comfortable with.

Reviewing Access Permission 

You can easily review the access permission of your phone in the settings section for applications and application notifications. While trying to download a particular application, you must agree to its terms and conditions. This is where it includes the access permission on the phone. In most cases, users can unknowingly accept an application to access their personal information, making them vulnerable to suspicious individuals. Therefore, they’ll need to review the access permission from time to time to patch vulnerability gaps.

Locking your Phone with a Strong Password 

The process may vary depending on the type of phone you’re using. Most password settings include but are not limited to;

  • A minimum of four-digit alphanumeric password. 
  • Facial recognition.
  • Fingerprint verification. 
  • Drawing patterns. 
  • Using a password consisting of letters, numbers, and symbols.

Setting up Device Finders and Remote Wipe Features 

When you set up Find My Phone features on your phone, it allows you to locate your phone when lost or misplaced from another device (usually of the same brand). The feature works when your phone is online and not shut down. 

Remote wipes are an excellent feature when the phone is shut down. It allows the device owner or a phone’s network administrator to delete data from computing devices.

SIM Swapping 

Cybercriminals are gaining new ground in their operations. They’re going far and wide to steal personal information from unsuspecting people. Did you know a cyber attacker can replicate your SIM card without your knowledge? Yes, it’s possible through SIM swapping.

First things first, SIM cards are subscriber identity modules unique to a phone user that stores phone plans, contacts, and texts, among other things. You can easily use this SIM card on another phone and still retain your contacts and texts from your previous phone.

Cyber attackers wanting to impersonate you will trick the mobile carrier of your SIM card to swap your phone number to a new card. Usually, the attackers have some personal information about you and will use this information to convince your mobile carrier to reassign your phone number to a new SIM card. Upon a successful SIM swap, the attacker will change your password to lock you out of your mobile banking accounts and then steal whatever money on there. 

How Can You Tell Your SIM Card Has Been Swapped?

You’ll know your SIM card has been swapped when you notice your phone no longer connects to the cell’s network. Usually, you’ll not be able to make calls, send messages, or surf the internet when you’re not connected to Wi-Fi. Since people use their phones every day, they’re likely to find out quickly that their phone isn’t functioning as it should. 

Moreover, when a SIM card isn’t working, the mobile carrier usually sends a text message informing the user that the card is no longer in use. When you receive such a message, you’ll need to deactivate your SIM card; if you didn’t deactivate the card, call your wireless provider immediately.

Preventing SIM Swapping 

It’s very important to set up measures that’ll protect your device and personal information from SIM swapping. Let’s look at some of them.

Setting Up a Two-Factor Authentication 

You can set up a two-factor authentication limiting SIM swapping using authentication applications. A SIM swap can never occur through authentication applications compared to emailed or texted codes; therefore, an excellent measure to put in place. Add security measures to the authentication application like a PIN code, face, and fingerprint ID, among other things. Don’t go for something obvious; use assorted random numbers as your password.

Be on the Lookout out for Phishing Attempts 

Most cyber attacks emanate from phishing attempts. First, they’ll try to phish for personal information before conducting cybercrime. Mostly, they incorporate fear, urgency, or excitement in their emails, texts, or calls, to distract the victim into giving up their personal information like PINs, Social Security numbers, passwords, and birthdates.

Be vigilant of calls or texts from people or organizations you don’t know; they might be cyber attackers trying to phish for information. Moreover, avoid clicking on suspicious links.

Use a Password Manager 

Usually, your browser will ask you to save a particular password. It’s essential to always say No! However, not saving will make it hard to remember all your unique, long passwords. Even so, you can entrust all your passwords to a password manager.

The secure password manager will make you remember one password. Others passwords will be encrypted and secured by two-factor authentication. This makes it hard for a cybercriminal to attain your passwords.

Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon.com author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com.

Think Twice Before You Take a Fun-Looking Online Quiz – A Hacker Might be Behind It

/in /by

Though it might look like a fun thing to do, you better think twice before taking that quiz that pops up on your social media page. A hacker, otherwise known as a “social engineer” might have created it to obtain your personal information.

Criminal hackers are all over social media sites, and it should be no surprise that they have tricks up their sleeves to get the information that they need. Social media crime is on the rise. Some studies show 100’s of millions of dollars have been lost, much of that in cryptocurrency and credit card fraud.

Identity theft is part of the reason a hacker will use social media to gather info, and it’s much easier to do than you might think. Let’s take a look at some of the most common scams hackers use on social media:

Surveys and Quizzes

Have you seen those quizzes that say “Click here and reveal your “Porn StarName,” or “Fill out this quiz to find out how many kids you will have?” Though these might be totally innocent, and a little ridiculous, they could also be designed by a hacker. The idea behind these quizzes revolves around “knowledge based authentication” scams. Basically information about us, questions we answer, that are used as security questions on various forms and websites. The answers in many of these quizzes could be used to reset or crack your various pass codes.

Generally, when you fill these out, you will enter information like the street you live on, the name of your pet, your favorite song, or even your birthdate. There is a dark side to this…the information you are providing may be the exact information a hacker needs to steal your identity or get into an account.

If you think about your accounts, it’s very possible that your bank, for instance, requires you to answer questions to get your password or get into your account. What do these institutions ask? Thinks like “What is your favorite song?”  “What is the name of your pet?” As you can see, you are giving a hacker the answers to these questions when you are taking the quiz.

You can avoid all of this by scrolling right past these quiz opportunities.

Get-Rich-Quick Schemes

There are also “get-rich-quick” schemes on social media that hackers use. These include things like direct messages offering a grant or a fake business opportunity like a pyramid scheme. They also start things like gifting circles, that seem innocent, but are designed to steal personal information or money, or even both.

Gone are the days of fake Nigerian princes…now we are dealing with something much more sinister. You can avoid these scams by just taking a little time to research any business opportunity, offer, or even organization that contacts you via social media.

Imposter Scams from the “Government”

Scammers also try imposter scams on social media, and they do this by pretending that they are a government official, like someone from the IRS. The scammers might use messages on social media to pose as a tax collector, or they might offer a refund…if you confirm your personal information. As you might imagine, there is no confirmation — you are simply giving up the information they need to either steal your identity or hack into your important accounts.

Always delete these messages if you get them. The IRS will never contact you via social media, nor would they ask that you pay a bill with a gift card, a wire transfer, or with cryptocurrency.

Imposter Scams from “Family and Friends”

A scammer might also try a “family and friends” scam to get information from you. Thanks to social media, a hacker can learn more about who you know and trust, and then pretend that they are those people. In one of example, a hacker will pretend to be a person’s grandchild and send them a message online asking for money because they have a problem, but if you actually do send money, the cash goes right to a hacker.

If you have a situation like this, and you are not sure if a person is who they say they are, you need to do your research and reach out to the person. Don’t just pay them without doing this.

The Romance Scam

Finally, we have the romance scam. In this case, the hacker will strike up an online relationship with a potential victim, and it will eventually become romantic. These can happen on social media sites, or they can be directly on a dating site. They often create personas that have exotic jobs, such as a doctor in Africa, or as a military member stationed in the South Pacific. They work to build trust with their victim, and when the time is right, they come up with a sob story about how they need money, and many victims, believing that they are in a true relationship with this person, send the money willingly.

To avoid this type of scam, never, ever send money to a person you meet online, especially if they say they are a doctor or a member of the military.

Protect Yourself from ID Theft and Social Media Scams

Now that you know that there are a lot of hackers and scammers out there trying to take advantage of you, here are some ways that you can protect yourself:

1.    Spruce Up Your Privacy Settings–The first thing you need to do is to set up your social media profile to be private and set it so that only your friends and family can access it. This means that you have a much smaller chance of getting access to your account. Also, it’s a good idea to stop sharing information like where you went to high school and your full date of birth. The less information you post, the less likely it is that a hacker can gain information from you.

2.    Be Skeptical – You always want to be a skeptic when it comes to anything online. There are so many scams out there, and so many attempts to get information, that you really need to be skeptical. If you are willing to lower your guard, a scammer is definitely willing to take your information. So, really look deep at any messages you might receive, especially if something looks weird or sounds off. You should also notice things like bad grammar or a lot of typos. Those are a great indication that you might be dealing with a scammer.

3.    Actually Know the People You are Friends With – Do you actually know everyone on your friend list in real life? Most people don’t, but you really should be selective about who you are allowing to see your content. Anyone on your friend list can see your information, and that means they have access to personal information about you if you post it. You also have to be aware that someone on your friend list could be copying and pasting from your page or making screen shots.

4.    Follow Up – Have you gotten any messages from a friend of yours that just seems like it is a bit strange? If you do get this type of message, don’t click on anything and don’t reply. For instance, if your best friend Peter sends you a message to “Check out this link,” and it’s something that Peter would never be interested in, you should check with Peter another way, like with a phone call or text, to find out if it’s legit or not.

5.    Look Out for Others – Finally, you should look out for other people when you get a weird message or strange request. If you get a weird message from a friend, you should let that friend know. If someone lets you know that there might be a duplicate account of your personal account, you should let your friends know.

Try to Stay One Step Ahead of the Hackers

Before concluding, there are a few other things that you can do in order to stay a step or two ahead of hackers. First, make sure that you are using a strong, unique password for your account. Utilize a password manager. Never use the same passcode twice. A virus protection software suite is also recommended. Using firewalls is helpful, too, as well as a VPN.

You can also sign up for ID protection services, which will help to keep important information, such as your email address, under monitoring. With this type of protection and a bit of focus from you, it will be easier than ever to keep an eye out for scams, and you can get back to enjoying social media as it was intended.

Robert Siciliano CSP, CSI, CITRMS is a security expert and private investigator with 30+ years experience, #1 Best Selling Amazon.com author of 5 books, and the architect of the CSI Protection certification; a Cyber Social Identity and Personal Protection security awareness training program. He is a frequent speaker and media commentator, and CEO of Safr.Me and Head Trainer at ProtectNowLLC.com

Prepare Your Digital Life Before You Die

/in /by

In life as in business, we need to have contingency plans. That means backing up our back up and that means having a plan for when we expire. Nobody really wants to deal with that expire part. Nobody wants to address the fact that the clock is ticking. But you need to.

Prepare Your Digital Life Before You DieBeing in the business of security awareness training, and having a relatively accessible (and some might say – high) online profile. I am contacted by a lot of people facing a number of different issues. Lots are victims of various crimes, both in the physical and virtual world, such as victims of stalking, or they claim their devices are being spied on, (often I think they might be legit paranoid), or they’ve lost money in some type of a scam, you name it. Sometimes I function as a “victims advocate” and I do have a soft spot for those in a bind.

However, there are a number of situations where I am simply not in a position to help. I may not have the resources, for example I can’t (nobody can) call Facebook and get your hacked account back, and I am not a boots on the ground detective in a position to intervene in whatever wire fraud loss you may be dealing with.

What I often do, is provide perspective, like, for example, if they were notified of a data breach, and their credit card is involved, they call me freaking out, and I tell them that doesn’t necessarily mean their identity is at risk because credit card fraud is not the same thing as your Social Security number in the hands of criminals and so on.

Sometimes people just need a little “talking off the ledge” and engage with an expert to feel better about their situation. And then there are situations that come up, like the unexpected death of a loved one. To me, those are often the worst. That’s because I am empathetic to someone’s real pain and problems, but I’m not fully equipped to help. But like most plugged-in people, I do have some pretty good connections.

That brings me to Bob Young of FIFO Networks. Bob was introduced to me by my vCISO Mike. Bob is a guy who has a skill set that very few have, and he has a bedside manner that makes him perfect for his job. He is a super nice guy. Bob specializes in a number of technology disciplines, but what he’s really good at is getting access to digital devices that few can get access to. So, for example, if your loved one dies, Bob has a good chance of getting in their phone or computer or accounts. Frankly, I hope that you never ever have to meet Bob.

One word for a guy like Bob might be a “hacker”. And while to some, this word might be offensive, there are all kinds of hackers out there. There are good hackers known as “white hats” and there are bad hackers, known as “black hats”, these terms come from the old spaghetti westerns. Bob is definitely one of the good guys.

Below is a discussion between Bob and I and a little bit about what he does, and what you should be doing now to prepare for the inevitable. Yes, inevitable. You are going to die. Me too. It’s coming.

Robert (Me): Thank you for joining me today. Can you share a story or two about what it looks like when someone comes to you to assist in digital recovery after someone’s passing?

Bob: Certainly. Recently a grieving brother called me to access his deceased brother’s computer. The brother mentioned significant investments and a missing will, hoping the computer held clues.

Robert: What are the primary goals in digital recovery after someone dies?

Bob: There are two main goals: data recovery and account recovery. While these goals overlap, they’re distinct. Data recovery involves retrieving information, while account recovery focuses on gaining access to accounts, often requiring passwords and recovery keys.

Robert: In our discussion, you mentioned various encryption methods. Could you elaborate on how encryption impacts the recovery process?

Bob: Absolutely. Encryption, like BitLocker or FileVault, adds complexity. For example, recovering data from a Windows computer with BitLocker may require accessing the Microsoft account for the recovery key. Physical security keys or a Yubikey can be game-changers, but they’re rare.

Robert: Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA) play a significant role. How do these impact the recovery process?

Bob: 2FA and MFA add an extra layer of security, often involving codes sent via text or authenticator apps. Accessing the deceased’s phone becomes crucial for unlocking accounts requiring 2FA/MFA.

Robert: Unlocking devices seems central to the process. Where do you usually start, with the phone or the computer?

Bob: It’s somewhat circular. While unlocking the computer might grant access to significant accounts, you often need the phone for 2FA. I typically start with the phone, ensuring its accessibility.

Robert: Unlocking a deceased person’s phone appears challenging. How do you approach this?

Bob: While biometric authentication is common, knowing the PIN or pattern code is usually sufficient. In case family members don’t have this information, alternate methods exist to bypass biometric authentication using a PIN.

Robert: What if the computer is locked? What steps do you take to unlock it?

Bob: Unlocking methods vary, but it’s best to start by asking relatives or friends for the password. Failing that, searching for written records or changing the unknown password can be attempted. Password-cracking tools and password removal are more complex options.

Robert: Can you share a specific case, like Ron’s, where you successfully recovered critical information?

Bob: In Ron’s case, finding a will and stock market investments was a priority. After searching Ron’s office, I used professional tools to change the computer password. No encryption hurdles meant swift access to essential information, including the will stored on the computer and a backup in county records.

Robert: What advice do you have for individuals to prepare for digital recovery after their passing?

Bob: Preparation is key. Maintain a well-organized offline list of passwords, use a password manager, grant access to your phone, document financial accounts, file your will with county records, and ensure your trusted person knows about any physical security keys.

Robert: Lastly, you mentioned legal considerations. How do you navigate the legal aspects of account and data recovery?

Bob: Legalities are crucial. I comply with government laws and often require proof of relationships. However, online account providers may have their own procedures, emphasizing the importance of proactive steps like setting up Legacy Contacts on platforms such as Facebook.

Robert: Thank you for providing insights into this intricate process. If our readers have further questions, they can contact you at your website, correct?

Bob: Yes, that’s correct. If anyone needs more information, they can reach out to me at fifonetworks.com/contact-us.

Thank you Bob. And to my loyal readers, like I said, as much as I like Bob, I hope you never have to meet him. Meanwhile, to summarize, here are some action items, things that you can, and should do now to prepare for your demise.

  1. Maintain a Password List: Keep a complete, well-organized, offline list of all passwords, including those for computers, online accounts, and other devices.
  2. Use a Password Manager: Simplify the process by using a password manager. Have written records of two passwords: the master password for the password manager and the computer login password.
  3. Grant Access to Your Phone: Ensure that your trusted person knows the PIN or pattern code for your phone. Consider including this information in your password list.
  4. Financial Accounts List: Keep an updated list of all financial accounts, including banks, investments, and other relevant details that your trusted person might need.
  5. File Your Will: File a copy of your will with the County Records office. This ensures a legal and easily retrievable document for your family.
  6. Physical Security Key: If you use a physical security key, like a Yubikey, make sure your trusted person knows about it, what it looks like, and where to find it.
  7. Set Up Legacy Contacts: On platforms like Facebook, set up a Legacy Contact to manage your page after you die. This proactive step facilitates smoother access for your family.
  8. Emergency Information: Consider creating a sealed envelope or a digital document containing essential information about your digital assets and how to access them. Ensure your trusted person knows where to find this.
  9. Online Account Provider Procedures: Familiarize yourself with procedures offered by online account providers. Some platforms have features like Legacy Contacts that you can set up in advance.
  10. Communication: Lastly, communicate your wishes regarding digital assets to your trusted person. Let them know your preferences and where to find critical information in case of your passing.

Taking these proactive steps ensures a smoother transition for your family members when dealing with your digital afterlife.

Spammy Scammy Text Messages: Fake Accounts on the Rise as Scammers Use Phone Farms

/in /by

Every single time I get on a stage and present a security awareness training program, someone desperately asks me how to stop all the scammy text messages. My response is the same for everybody; You can’t. What you can do is play the Whac-a-Mole game and continually mark them as spam and block them. That’s it. It’s just an annoyance, like mosquitoes.

Spammy Scammy Text Messages: Fake Accounts on the Rise as Scammers Use Phone FarmsThere are a few things that you can, and should do… straight from Apple:

Block messages from a specific person or phone number on an iPhone

When you block a specific contact or phone number, messages from that person or number aren’t delivered. (The person sending the message doesn’t know that their message was blocked.)

1.    Open the Messages app on your iPhone.

2.    In a Messages conversation, tap the name or number at the top of the conversation.

3.    Tap Info, scroll down, then tap Block this Caller.

Most of us are receiving spammy scammy text messages on a regular basis. These text messages pose as somebody who we are supposed to know who lost their phone or someone who supposedly is our friend asking us out to lunch or some other request designed to engage us in a conversation.

The texts themselves serve a few different purposes for the scammers. The impetus for all of them is some form of fraud. This will include a romance scam where they engage you and eventually it leads to a crypto scam, called “pig butchering”. Weird name, but very lucrative for the bad guys.

Another is so they can create Google Voice accounts and compromise your Gmail and Google account. In this scam, the scammer approaches sellers on Facebook Marketplace and pretends to be interested in something you’re selling. They ask for your phone number to discuss the purchase. Then scammer uses the victim’s phone number to create or take over a Google Voice account by convincing you to fork over any form of two factor authentication alert you might receive on your device during the transaction.

Many of the scams involved compromising your phone number so they can be used for verification on various websites.

The verification stage required for opening new online accounts is usually the one thing internet users dread the most. It can be a pain in the neck, and most people would rather forget the process altogether.

However, the reason why many sites force their users to verify their identity is to safeguard their details and for the safety of all legitimate account holders on their platform. Despite these efforts, it seems scammers have found a way to bypass the security measures that have been put in place.

There are services, such as 5Sim, that allow users to rent a phone number specifically for use in the SMS verification process. What’s worse is that these fraudulent phone numbers are available for just a few pennies!

Sites, such as Instagram, Amazon, and Discord, use SMS verification to prevent people from creating bogus accounts which are difficult to trace. How it works is that, when a user tries to open a new account, an SMS will be sent to their phone number and they have to verify that they have received it before being allowed to continue.

This simple but effective method has worked quite well for a long time now. That is until scammers found a way around it, using large-scale, automated services, such as 5Sim, that lease out phone numbers.

In a post shared via its website, 5Sim said that users who do not want to use their personal numbers for SMS verification when registering an account can use a phone number from 5Sim. 

They said all that is needed is an internet connection, which means the process works even without a SIM card placed inside the phone. Users can even select a phone number from any part of the world.

In another interview on VICE, an employee of another website, Discord, said they were also aware of the existence of companies, such as 5Sim. The spokesperson went on to say that they try to block such accounts whenever they identify them.

Discord, like many other sites, requires a valid phone number for SMS verification, instead of VoIP numbers. This is probably an attempt to reduce the incidents of fake accounts. However, according to 5Sim, they provide users with ordinary numbers.

5Sim did say that its customers are not allowed to use their phone numbers for any illegal activity, or any actions that might cause harm to third parties or to the service. AhmOkYaAllRightyThen!

It is not clear how far 5Sim goes in ensuring that its customers adhere to these regulations, or whether it does indeed impose the restrictions on accounts in cases where fraudulent activities are suspected. In the meantime, though, scammers have a guaranteed way to bypass a lot of very important safety precautions.

For you, just knowing what’s happening in the background, understanding of the various scams, knowing there are a few things that can be done in addition to the game of whack-a-mole. The key here is to keep paying attention. Don’t let anyone CONvince you otherwise.