Stopping Illegal SMS Traffic
Have you ever received spam or phishing SMS messages?
It can be annoying. Fortunately, it does not happen that often, which can be attributed to the huge amount of work that the telecommunications industry is putting into stopping it.
Examples of scams
There are various SMS phishing scams out there – also referred to as ‘smishing’. These scams can trick users into downloading an infected file, clicking a certain hyperlink or typing in sensitive information, which can result in identity theft. The information is either obtained when people enter it manually, or when malicious malware is automatically installed on the users’ phone. This can then collect all sensitive data typed in to the phone, which can be used for further attacks.
We have gathered examples below to illustrate the variety of strategies used:
- ‘Brand name’ phishing attacks such ‘Visa’, ‘Apple’, ‘PayPal’ etc. – this could for example be a scam pretending to be Netflix, where users are encouraged to update their login details or update their credit card. Details are then later sold on the black market.
- ‘The Postman’ – SMS messages notifying the user that their parcel is ready to be collected by clicking on an included phishing link.
- ‘Heist’ – SMS messages notifying the user that his or her bank account/Apple account/etc. has been locked due to an unauthorized login also accompanied with a phishing link.
- ‘Nigerian Prince’ phishing scams are still floating around. I received an SMS myself, stating: “My name is Mr Gatan, I work with Medirect Bank in Malta. Can i trust you with a business worth $21.3 millions? reply ONLY to my email….”. Not exactly convincing, but nevertheless, it is still happening so it must be working on someone.
- ‘Lucky Winner!’ – Even local movie theaters and similar places are used as the Sender ID, where recipients are told that they have won some kind of competition. Generally, there are a lot of different “you have won this or that competition” phishing attacks.
The examples clearly show that this is a widespread and growing problem. The criminals are also getting more cunning, which probably explains why there are still many people who fall for the scams.
How do we stop them?
1. Verification process
Luckily, scammers can’t just create their own SMS gateway and start sending phishing attacks to millions of users.
At GatewayAPI, we go to great lengths to prevent criminals from using our SMS gateway to send out spam or phishing. New users must go through a verification process, so we are certain that they represent legitimate businesses – and more importantly, that they actually represent the business they claim to represent.
2. Scanning system
We have a scanning system in place that automatically slams on the brakes if something looks suspicious.
The system uses a filter that rejects SMS messages containing links – unless the domain or the URL have been whitelisted in advance. Technically speaking: Our system continuously checks for links, compares them with the whitelisted URLs and domains, then either approves or rejects the link based on whether it presents on the list.
In the manual process where URLs and domains are checked, toxic URLs will obviously be rejected by our team. This additional safety measure is in line with the overall development in the telecommunication industry, where there is an increasing focus on stopping spam and phishing, e.g. many telecommunication companies today send out hefty fines to SMS gateways if scammers have managed to broadcast through them.
How to get your URLs whitelisted
To learn how to get your URLs whitelisted with us, check out our guide here. Within normal working hours, we will process your application quickly and efficiently. Free of charge.
Who are behind the attacks?
Who exactly profits from the phishing attacks? Is it hackers sitting in basements wearing balaclavas? According to Verizon’s annual DBIR (Data Breach Investigations Report) in 2016, roughly 89 percent of the attacks come from organised crime syndicates and about 9 percent come from state-affiliated actors. The main motivation being money and espionage. With this in mind, it doesn’t seem like a problem that will be going away anytime soon, unfortunately.
In SMS we trust
Mobile users should not be subjected to spam or phishing SMS messages. Additionally, it is extremely important that mobile users can rely on the SMS messages they receive. This way the SMS industry can continue to play a significant role in many different contexts.
In other words, the SMS cannot share the same fate as the email, where the current opening rate is only about 20-30 percent today.
To learn more about how to protect your GatewayAPI account against scammers, check out our blog post on the matter here.
You can also read more about smishing in our blog post here.
Global SMS Gateway
GatewayAPI has some of the lowest prices in the majority of the world combined with an intuitive interface, world class support and a rock-solid uptime of 99.99% in average. If you don’t have an account yet, you can create a free account in less than two minutes here: Go to GatewayAPI or contact email@example.com
If you have a concept or business that could benefit from employing SMS communication, contact us. We will help you get started, contact us today!