A Brazilian woman recently lost her iPhone when she was mugged in the southern city of Porto Alegre. Her husband was able to trace the phone via the ‘Find my iPhone’ app, but the story didn’t end there. After sending a text to the robbers offering to buy back the mobile, he was quickly inundated with phishing messages that appeared to be from Apple. The messages claimed his wife’s phone had been found and he could learn how to get it back by clicking on the accompanying URL.
Smishing is on the Rise
Edu Rabin shared this story with US security expert, Brian Krebs. Fortunately, Rabin knew enough about phishing attacks that he wasn’t tempted to click on the link, but someone else might have been. SMS phishing, sometimes called smishing, is one of the most recent cyber scams to watch for. These attacks come in the form of a text message that often claims to be from a legitimate source, such as a bank or credit-card company. Other techniques rely on blackmail and threats to release private information if action isn’t taken, even though the hackers don’t actually have this information….yet. The message almost always contains an embedded link which is contaminated with malware that will allow criminals to steal information from the phone once you click on it.
Don’t Fall for the Scam
If you’ve been a victim of any type of phishing attack, ReputationDefender’s online privacy services can help minimise the damage and secure your accounts again. However, it’s much better to avoid getting caught in the first place. This means analysing every text message and avoiding CTAs or embedded URLs that seem suspicious in any way.
As Rabin’s story shows, criminals are becoming more creative and tech-savvy with their smishing techniques. Most people would assume that the essential robbery took place when the phone was stolen, but the Brazilian criminals had a much more elaborate plan that even relied on the ‘Find my iPhone’ app, a service intended to protect iPhone users. Had Rabin clicked on the link, the muggers/hackers would likely have gained access to data on both his and his wife’s phone.
As distressing as it may be to lose a mobile, it’s worth remembering that most of the data on it is already backed-up in the cloud. With a solid password protection system like Apple’s (Rabin’s wife had an iPhone 5), it is unlikely hackers will be able to crack the phone’s security, unless of course you hand them the information they need.