Robotexts are Gaining Popularity with Scammers
Are you tired of receiving text messages claiming to have a delivery update for a package you never ordered or a security alert for a service you don’t belong to? You’re not alone.
The Federal Communications Commission (FCC) has received more than 8,500 complaints about “unwanted text messages” so far this year, according to a report released in July.
That number is on pace to surpass the number of complaints reported in 2021, and according to industry data, these number of complaints is just a small sliver of the problem. RoboKiller, a spam-blocking app, estimates that consumers received more than 12 billion robotexts in June alone.
Robotexts are a powerful tool for scammers – and to some – are even more powerful than robocalls. With one click, an unsuspecting victim could be tricked into providing sensitive information that can compromise things like their bank account, work email and much more.
“I would argue that, in a way, robotexts are actually more dangerous,” says Teresa Murray of Public Interest Research Group. “Maybe not more annoying, but more dangerous because it’s more difficult for consumers to determine whether a robotext is legitimate or not.”
According to Murray, the increase in robotext is due in part by the decrease in robocalls.
An FCC mandate that went into effect in the summer of 2021 required all voice providers to implement call verification software. Because of this mandate, robocalls declined by nearly 50 percent. More than half of U.S. phone providers have since implemented robocall mitigation software for voice calls, forcing scammers into a new line of business.
“Their main source of income was robocalls so now they’ve moved on to robotexts,” Murray says.
How do robotexts work? Robotext scams tend to work much like email-based phishing scams, in which criminals pose as a legitimate actor to lure a target into providing personal information or downloading malware that will steal the information. Once the cybercriminal has collected the information they are looking for, they can use it to fulfill their objective, whether it be draining a bank account or infiltrating a network.
Threat actors can acquire customizable malware kits on the dark web making it easy for SMS-based attackers to keep new campaigns coming, according to Hank Schless, Senior Manager for Security Solutions at Lookout. Schless uses FluBot as an example. FluBot is a banking Trojan that hit European users last year via SMS messages claiming to be delivery notifications.
“That sort of shows you how straightforward it is and how quick it can be for a lot of these sort of lower tech campaigns,” says Schless.
There are several common lures for “smishing” (SMS-phishing) campaigns including posing as a delivery service or tech support representative. With the sense of urgency these scam texts create, it can be enough to make even the savviest consumer put their guard down.
“You have this text message, that something bad is happening and you need to act immediately to stop it from happening,” said Murray. “Even the smartest people can, just for a couple of seconds, kind of throw their common sense out the window and click on the link.”
The same red flags that could be spotted more easily on a desktop computer would be harder to see in a mobile device. An example of this would be preview links. Other giveaways that a text might be a scam include misspellings, and messages that are sent from numbers that are 10 digits or longer.
So what are lawmakers doing about robotexts?
It is expected that the number of robotexts will continue to rise. One way to possibly stop this growing trend would be action by U.S. regulators.
Last October, current FCC Chairwoman Jessica Rosenworcel (D) proposed a rule that would require mobile wireless providers to block illegal text messages just as they did with calls. The proposal has not yet seen a vote.
“The proposal is still pending before the Commission but has the Chairwoman’s strong support,” FCC spokesman Will Wiquist said.
If you’re experiencing spam text messages, the Federal Trade Commission advises that you report it to your cellular provider, which you can do by copying the message and sending it to 7726 (SPAM). Many phone providers also provide filter features to help sort out spam messages.
Story via Cyberscoop