Smishing: Annoying and dangerous phishing text messages


More and more users of private and business smartphones are receiving SMS messages prompting them to click a link. This is known as “smishing”, a word formed from the terms SMS and phishing.

In the spring of 2021, the perpetrators often pretended that the recipients of the SMS would soon receive a package or that a shipment was about to be returned to the sender. Some of the SMS texts even address the recipient personally.

Smishing - SMS phishing

Phishing SMS with a dangerous link (Image: BSI).

Android users are offered an app download via the link in the SMS message. The app does not solve any of the purported problems; instead it spies on locally stored address data, sends further malicious SMS messages and carries out phishing attacks. The criminals disguise the malware, for example, as an app supposedly required for parcel tracking from well-known logistics companies such as FedEx or DHL. Apple iOS users usually end up on advertising or phishing pages.

Warning: new scam methods!

Since autumn 2021, the perpetrators have been using fake parcel notifications less often. Instead, they tell the recipients of the SMS, for example, that a voice message ("Voicemail") has been received or that the smartphone is infected with malware. Behind the link in the message are instructions for downloading the voice message or an alleged security update. The scammers' malware is installed only if these files are downloaded.

Smishing can hardly be stopped

Also notable are smishing SMS messages that claim the recipients' private photos have been leaked because malware is supposedly on their mobile phones. The perpetrators use this to exert pressure and try to persuade smartphone users to install a supposed security update. In this case, too, the download will infect the system.

Although the German providers have taken filtering measures to prevent the sending of smishing SMS, these cannot offer complete protection because the perpetrators constantly adapt with countermeasures. It has recently been observed that the messages sometimes contain intentionally reversed letters, spelling mistakes or random strings in order to bypass the spam filters of the mobile network operators.
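The following added example (not from the article or the BSI) shows why exact keyword filters miss such messages and how a filter can tolerate one swapped or mistyped letter while ignoring random filler strings. The keyword list, the one-edit threshold and the sample messages are constructed assumptions.

```python
import re

# Constructed keyword list, taken from the lure themes this article names.
LURE_TERMS = ("package", "parcel", "shipment", "voicemail", "update", "photos")
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent letters costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def fuzzy_terms(text, max_dist=1):
    """Lure terms present in text, tolerating one typo or letter swap."""
    words = re.findall(r"[a-z]+", URL_RE.sub(" ", text).lower())
    hits = set()
    for word in words:
        for term in LURE_TERMS:
            # Short words must match exactly to limit false positives.
            if word == term or (len(word) >= 5
                                and osa_distance(word, term) <= max_dist):
                hits.add(term)
    return sorted(hits)

def assess_sms(text):
    """Flag a message that combines a link with a (possibly misspelled) lure."""
    terms = fuzzy_terms(text)
    has_link = bool(URL_RE.search(text))
    return {"link": has_link, "terms": terms, "flagged": has_link and bool(terms)}

# Constructed sample messages; example.test is a reserved placeholder domain.
SAMPLES = [
    "Your pacakge is arriving, track it: http://example.test/a1b2 xkqzv",
    "New voicemial received: https://example.test/vm",
    "Lunch at 12? Bring the photos",
    "See you at http://example.test/menu tonight",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(assess_sms(sms)["flagged"], "|", sms)
```

A heuristic like this only raises a score for review; unflagged messages can still be malicious, and the threshold trades missed variants against false positives.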