Ahmed Mansour intuitively knew something wasn't quite right about the unsolicited text messages he received on his iPhone. It was August 2016, the hottest time of year in the United Arab Emirates (UAE), and as a highly regarded human rights activist, Mansour was already experienced in the surveillance techniques of the government. Officials had been watching his activities inside and outside the country for some time, according to The Guardian.
However, the two anonymous text messages were something new. They contained links that would supposedly lead him to information that would further his human rights cause. Suspicious by necessity, Mansour forwarded the messages to cybersecurity analysts for further examination.
Most computer users receive their share of unsolicited emails offering everything from access to African bank accounts of deposed officials to the latest insider information about something of great interest to the reader. The spam emails often include links to websites (often malicious websites) or attached files to download. They generally claim to improve a reader's financial or professional life, but the attachment or link exposes the computer to malware.
Many of these emails are phishing emails designed to "hook" innocent people using some type of incentive as bait. Spear phishing involves attacks on individuals using real personal details. Cybercriminals bait these email hooks with details that are of known interest to the target.
These days, cybercriminals have widened their phishing nets to include mobile text messages. Thanks in part to breaches of customer files that have revealed the contact details of millions of users around the world, hackers have successfully written software that sends "baited" text messages.
Consumers who click on links in the spam text messages download malware onto their devices or are directed to malicious websites. In some cases, users respond to the texts, letting the sender know the phone number is in use and vulnerable. Cybercriminals may then follow the original text with phone calls that attempt to scam the owners.
Getting to the Root of the Hack
In the human rights activist Mansour's case, cybersecurity analysts determined that he would have ceded control of his iPhone to the hackers if he had clicked on the links in the text messages sent to him. According to The Guardian, the privately crafted and highly sophisticated software would have made it "possible for attackers to spy on virtually anything Mansour did — phone calls, text messages, Gmail, Skype and Facebook — as well as scan his calendar and steal passwords and other personal information."
Some spam texts are very sophisticated and appear to be from banks, mobile phone service providers or other reputable businesses. If texts appear official, call the authentic customer service number for the business to verify the text messages. Do not call the phone number provided in the text. It's also prudent to block the phone number to eliminate the possibility of responding to future texts.
Refer spam texts to the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC). These agencies follow up on communications that could be deemed illegal, and the federal government wants to hear about unsolicited texts you receive. Also report the text to your carrier as spam.
Apps like Mr Number, SMS Blocker and Text Blocker offer protection from unsolicited text messages, as does a quality security solution like Kaspersky’s Total Solution. This software protects the core of Android and iOS mobile devices to prevent hackers from taking control of tablets and phones. In most cases, it can detect and eliminate malware that attempts to invade devices through spam text links.
Spam texts that phish for gullible victims are relatively new, but they are certainly here to stay. Be prepared with the right knowledge and protection.