SMS Spoofing: What you need to know

sms spoofing
Ever hear of SMS spoofing? You and many others may have recently been receiving texts from numbers identical to their own (or a business or someone they may know), containing links meant to be clicked. These are known as SMS spam, and this process is known as SMS spoofing. More recently, these scams have come front and center with the acknowledgment from Verizon Wireless admitting they are aware of their customers receiving bogus messages regarding an “offer” for paying their monthly bills. In actuality, they are being provided a link to a Russian propaganda website.
 

What is “SMS spoofing”?

SMS spoofing alters the sender information on a text message received through the SMS system (the standard used for text messages). SMS Spoofing allows a fraudster to send an SMS while disguising themselves as someone else. The sender’s name, phone number, or both can reflect that of someone else. Surprisingly, this is not difficult to do as it requires minimal software and a little know-how. Some services charge a small fee to send these messages out as well. They assume since you are familiar with the sender’s number or name, you will trust in taking action to their request.
 

How does it work?

These text messages are sent to persuade the reader into clicking on the embedded link. The reason for this is to steal whatever information it is asking for. For example, let’s say you receive a text from your bank saying, “Your balance is low. Click here to transfer funds” the intent is to have you “log in” to your bank account. The link directs you to a page that looks similar to your bank’s website. Without hesitation, you enter your credentials. Then, boom, you’ve been conned. These scams are pretty straightforward. The scammer wants you to take action. In the process, you are handing over information that can be used to access your accounts for malicious intent.
 

What are the risks?

Aside from gaining access to accounts and passwords, they can sometimes gain access to information on your phones, such as contact information and sim info. Alongside that type of info, login credentials are also a hot sell on the dark web for mere cents, so you must be cautious when determining if a spoofing attempt is legit.
 

How do you prevent yourself from falling for these scams?

  • Take a good look at the sender and content details. Frequently, there are grammatical mistakes that are a tell-tale sign that the text is not an official correspondence
  • Do not open unfamiliar links. If you aren’t familiar with the website, it is best not to click the link. Even a simple peak could open up Pandora’s box.
  • Beware of requests for password resets. If you feel unsure and want to update your password, log in to a desktop version of the business and do it directly on that website.
  • Contact your phone provider. Aside from letting them know that you are receiving these texts, most offer services or apps that can aid in keeping your phone secure from security threats. These types of services vary in price and ability, so it’s best to see what they offer.
If you would like more information on smartphone security and safety, please contact us at 818-501-2281 or email us at info@ceocomputers.com, and we’ll gladly assist.
Posted in IT Blog