New 'SMiShing' spam targets WAP and smartphone users

New instances of ‘SMiShing' have been detected that target smartphone users.

Jarno Niemelä, senior anti-virus researcher at F-Secure, posted a blog where he received a message that translated as ‘Video message, click'. If the recipient clicks on the link they will end up opening a page that looks like an advert for a service called ‘Mobile Tube', that replicates the YouTube logo.

Niemelä said: “So, at first glance, this just looks like ordinary SMS spam. However, if the recipient reads the fine print at the bottom of the page, things get interesting.”

He pointed out that the fine print is in Finnish and states that the user has accepted a premium rate service, and if they wish, they can cancel the contract.

“We have seen this type of scam before and have reports of many other languages besides Finnish being used. The scam works if the user has a WAP access point enabled, as is per default with most operators. The scammers will get the necessary information for billing just by having the user click a link and visiting the web page.

“So whenever you see unexpected links via SMS, just delete the message and do not click them. If you clicked on a link, check if the page has an unsubscribe link. If it does, unsubscribe from the service and then file a complaint to your phone operator if you are billed by the premium service vendor,” he said.

See original article on scmagazineuk.com