Story image

SMS phishing scam sweeps Australia

03 Dec 2018

Late last month Stay Smart Online posted an alert about an SMS phishing scam masquerading as Medicare. The scam sends text messages to people, asking them to click through to a website and hand over their personal information in order to get a rebate.

The SMS phishing messages are being sent to large numbers of people, and anybody could receive the messages.

Mimecast principal technical consultant Garrett O’Hara says SMS phishing scams are on the rise as they are easier to spoof.

“SMS phishing scams are becoming an increasingly attractive tactic for cybercriminals. SMS is an easier way for scammers to pretend they are sending from a well-known business that people know and trust. We will particularly see scammers impersonate entities such as Medicare and myGov, where there is the potential to both target and fool more people,” says O’Hara.

He believes SMS scams are extremely effective because messages aren’t generally scanned by security tools.
He adds that people also intrinsically trust SMS more than email, so the potential for social engineering is built in.

“In the last several years, attackers have been able to spoof the message identification field to the same name as trusted entity, legitimising the appearance of a scammer’s text message,” says O’Hara.

“People must remain vigilant and be suspicious any time personal identifiable information (PII) is requested. Attackers are looking for an outcome so if you’re dealing with a mature attacking crew, they’re likely to use multiple vectors including email – mostly popular with scammers - then SMS, telephone scams and even face-to-face.”

Recipients should remember:

  • Organisations are extremely unlikely to ask you to update or provide personal information and banking details or ask you to download or install software. If you’re unsure of the validity of email or SMS, call the organisation directly to confirm.
  • Scammers can obtain your personal information from other means, such as a public social media profile, the internet or the phonebook. They can use this information to legitimise the appearance of the scam – this impersonation is known as ‘spoofing’.
  • Be aware of any hyperlinks that appear in the text message as it may direct you to a fake website or login page.”

Stay Smart Online offers a few more tips:

  • Do not click on links in emails or text messages claiming to be from myGov or Medicare. myGov will never send you a text, email or attachment with hyperlinks or web addresses.
  • Don’t open messages if you don’t know the sender, or if you’re not expecting them.
  • Be suspicious of messages that aren’t addressed directly to you, or don’t use your correct name.
  • Login to your official myGov account by typing the web address my.gov.au into your browser to check your inbox for any legitimate emails from Medicare. Check that https:// appears at the beginning of the address bar when you land on the site.
  • You can also contact Medicare separately to check if they have sent the message.
WhatsApp users warned to change voicemail PINs
Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes.
Swiss Post asks public to hack its e-voting system
Switzerland’s postal service Swiss Post is inviting keen-eyed security experts and white hats to hack its e-voting system.
Spoofs, forgeries, and impersonations plague inboxes
It pays to double check any email that lands in your inbox, because phishing attacks are so advanced that they can now literally originate from a genuine sender’s account – but those emails are far from genuine.
Flashpoint signs on emt Distribution as APAC partner
"Key use cases that we see greatly benefiting the region are bolstering cybersecurity, combating insider threats, confronting fraud, and addressing supply chain risk, to name a few."
The attack surface: 2019's biggest security threat
As businesses expand, so does their attack surface – and that may be the biggest cybersecurity risk of them all, according to Aon’s 2019 Cyber Security Risk Report.
Opinion: Cybersecurity as a service answer to urgent change
Alan Calder believes a CSaaS model can enable a company to build a cyber resilience strategy in a coherent and consistent manner.
Why SD-WAN is key for expanding businesses - SonicWall
One cost every organisation cannot compromise on is reliable and quick internet connection.
New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.