Dec 06, 2012 (Tulsa World - McClatchy-Tribune Information Services via COMTEX) --
Dear Action Line: I read the Wednesday Tulsa World story on the Oklahoma attorney general issuing a "smishing" alert when Oklahomans received cell phone text messages they thought were from their banks on "negative balances." How did the smisher get their phone numbers and know their owners had accounts at that bank -- S.M., Tulsa.
The Smisher didn't hack your bank or credit union for your cell phone number -- the attack was sent to every cell phone service prefix in this area, followed by every number combination (by auto-dialer) in the county in which the named institution resides. Even non members got the texts -- and some of them fell for it and called the phone number listed in the text to reveal their most sensitive, financial information.
"Texting is a quick and common form of communication that has become popular with scammers to trick smartphone users into revealing their credit card and bank account numbers, said Bill Hardekopf, CEO of Lowcards.com. "Smishing" is the term used to describe "SMS phishing" (Short Message Service text messages).
"A popular texting scam sends a message, supposedly from a bank, saying there is a problem with your credit card or it has been deactivated," said Hardekopf. "It gives a number to call to solve the problem. Once you call, the automated operator asks you to enter your credit card number. However, this is not your bank, and you gave the scammers your credit card number and the keys to commit fraud against your account."
He urged consumers to, "Be suspicious of unusual or unfamiliar messages. DO NOT REPLY TO THESE MESSAGES, even to click 'stop contacting,' as this lets scammers know your phone number is active. If you're concerned there is a problem with your credit card or bank account, look up the customer service number and talk to a department representative about the text.
When you receive a spam text message on your phone, forward that text to the shortcode 7726 (which spells "SPAM"). Your wireless carrier will reply with an automated message asking you to enter the phone number from which the spam text was sent. This is a service provided by the wireless carriers to collect spam complaints in a common database to identify spammers and take action against them.
The May 3 PC World article "Smishing attacks on the rise" says a Pew Internet & American Life Project report showed 73 percent of adults with mobile phones use text messaging (averaging 41.5 messages daily) while the 18-to-24 age group generates 110 messages daily. Cyber criminals see a lucrative market in texting smartphones, as they don't have the same security software PCs have for detecting and preventing attacks. Smartphone users often assume mobile phones are safe, and don't realize malware and phishing attacks are a real concern for mobile devices.
People are used to receiving text messages, and are not likely to think twice about the security implications of clicking on links in a text. Major Web browsers have phishing protection built in to alert users of suspicious sites, and users can hover over links to display their true URLs on a PC, but mobile phones aren't equipped to help users avoid malicious text messages.
Submit Action Line questions by calling 918-699-8888, emailing firstname.lastname@example.org or by mailing them to Tulsa World Action Line, PO Box 1770, Tulsa OK 74102-1770.
___ (c)2012 Tulsa World (Tulsa, Okla.) Visit Tulsa World (Tulsa, Okla.) at
www.tulsaworld.com Distributed by MCT Information Services