Cisco: SMS, smartphone attacks on the rise

New research from Cisco says criminals are finding new techniques and new targets with fraudulent text messages and "smishing" campaigns

New research released today by Cisco warns criminals are rapidly adapting to a more modern economy and continue to find new ways to exploit people with mobile phones and through social networks and text messages.

The Cisco 2009 Midyear Security Report finds that, much like a successful business, the criminal underground works together to understand and take advantage of the evolving behaviors of the demographic it is trying to fleece. As part of this strategy, cyber criminals quickly seize upon current events, such as swine flu and the recent death of Michael Jackson, to lure people into phishing scams or to send spam advertising preventive drugs and links to fake pharmacies.

"The bad guys were pumping out more than 2 billion spam messages the day after Michael Jackson died with all kinds of trickery," said Patrick Peterson, Cisco fellow and chief security researcher.

The report also notes an increase in the use of SMS text messages as an attack vector. Since the start of 2009, at least two or three new campaigns have surfaced every week targeting handheld mobile devices, according to Cisco, which describes the rapidly growing mobile device audience as a "new frontier for fraud irresistible to criminals."

The report also references a new technique called "smishing," which Cisco predicts will increase in the coming months. A smishing attack involves sending a phishing link in a text message to a smartphone that is sophisticated enough to open the link. However, the more common SMS attack these days involves a fraudulent text message that appears to be from a trusted source, such as a bank, and prompts the user to call a phone number and reveal private information. The tactic makes use of an older, yet more trusted, mode of communication, said Peterson.

"One of the most interesting innovations we have seen is the use of audio channel to phish the victim," he said. "What we see in a majority of these types of phishing attacks is the SMS will tell the cell phone owner to call a phone number. Some lovely recorded voice answers and asks you to enter or speak your account number, your social security number. It will keep asking as long as someone is gullible enough to give out that information. And all of that gets captured on voice over IP (VOIP) on standard open source audio file."

The technique is proving successful in many instances, said Peterson, because users have not yet learned to be wary of audio scams.

"A lot of people don't have the defenses against the audio channel. We've heard 'Check the URL!' and 'Don't click the link!' But I don't think a lot of people have heard 'Don't enter your name into a touch-tone handset.'"

Peterson said while SMS attacks are still new in the United States, they are more common in other countries, such as Japan, where SMS technology is more pervasive and has been popular for much longer.


Stories by Joan Goodchild
