The Federal Office for Information Security (BSI) is pointing to new fraud methods in the ongoing “smishing” (SMS phishing) waves. In general, attackers use fake short messages to obtain credentials for online banking and other user accounts, for example. According to the BSI, since autumn the perpetrators have been tricking users into believing that they have received an initially undeliverable voice message (“voicemail”) or that their smartphone is already infected with malware.
Package SMS becoming less common after the end of the lockdown
The link in the message leads to instructions for downloading the voice message or an alleged security update. “Only those who download these files will install the malicious software of the fraudsters,” warns the BSI. “Do not click on the links contained,” warns the office. “Do not download files from an unknown source. Delete the suspicious SMS message immediately.”
In the spring, the attackers often pretended that the recipients of the SMS would soon receive a package or that a shipment was about to be returned to the sender. Back then, too, the BSI sounded the alarm. At that time, according to the experts, the Android botnet MoqHao was behind it. This method was used in Germany to spread other Android malware such as “FluBot” and “TeaBot”. Apparently, this ploy is working less and less since the end of the coronavirus lockdown.
Spelling mistakes are meant to bypass the providers’ spam filters
With the change in tactics, according to the BSI, more and more smishing messages are being observed that lead recipients to believe their private photos have ended up on the Internet. Here too, the messages claim that malware is on the cell phone. “This is how the perpetrators exert pressure,” the authority said. They also try to persuade users to install a supposed security update. In this case, too, the download would infect the system.
The German mobile phone providers have taken filtering measures to prevent “smishing SMS” from being sent, explains the BSI. However, these cannot offer complete protection, as the attackers constantly adapt. It has recently been observed that “the messages sometimes contain intentional reversal of letters, spelling mistakes or random strings” in order to circumvent the operators’ spam filters.
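The following added example (not from the BSI or any provider) shows why an exact keyword filter misses such messages and how matching with a small edit distance that counts swapped neighbouring letters as one error still catches them. The keyword list, function names and sample messages are assumptions constructed for illustration.

```python
import re

# Assumed lure vocabulary, taken from the themes named in the article.
LURE_KEYWORDS = ("voicemail", "package", "security", "update", "photos")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def osa_distance(a, b):
    """Edit distance where swapping two adjacent letters costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]

def tokens(message):
    # Drop URLs, then keep letter runs only, so random strings such as
    # "xk3f9q" fall apart into short fragments that match no keyword.
    return re.findall(r"[a-z]+", URL_RE.sub(" ", message.lower()))

def exact_hits(message):
    """What a naive exact-match keyword filter would see."""
    return sorted(set(tokens(message)) & set(LURE_KEYWORDS))

def fuzzy_hits(message, max_dist=1):
    """Keywords matched by some token within max_dist edits."""
    hits = set()
    for tok in tokens(message):
        for kw in LURE_KEYWORDS:
            if abs(len(tok) - len(kw)) <= max_dist and osa_distance(tok, kw) <= max_dist:
                hits.add(kw)
    return sorted(hits)

def is_suspicious(message):
    # Flag only messages that combine a link with a (fuzzy) lure keyword.
    return bool(URL_RE.search(message)) and bool(fuzzy_hits(message))

# Constructed sample messages, not real smishing texts.
SAMPLES = [
    "You have a new voicemial xk3f9q: http://example.invalid/v",
    "Your phone is infected, install the securty updaet now https://example.invalid/u",
    "Lunch menu for today: https://example.invalid/menu",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(is_suspicious(s), exact_hits(s), fuzzy_hits(s))
```

The distance threshold trades missed variants against false positives on ordinary words, so a real filter would tune it per keyword length.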
Flight mode, criminal complaint and factory reset
The authority continues to advise those affected who have clicked on such a link or who have already installed a Trojan horse to switch the device to flight mode. The provider should then be informed and, for example, the bank account should be checked for unusual debits.
“File a criminal complaint with the local police station,” recommends the BSI. “Take your smartphone with you to preserve evidence.” The device should then be reset to the factory settings. All saved and installed data will be lost in the process. The step is necessary “in order to completely remove the Android malware distributed via the current SMS spam messages”.