Based on statistics from its GSMA Spam Reporting Service, Cloudmark has determined that more than half of the SMS spam sent out in January in the United States represented phishing attempts. Worryingly, phishing reports have increased by 78% from December 2013 to January 2014.
According to the company, the cybercriminals are mostly targeting prepaid debit cards of child support recipients and mobile accounts.
Other type of SMS spam observed by Cloudmark includes job listing scams, product promotion spam, payday loan spam and “win free stuff” scams. However, these campaigns are far behind compared to the number of attempts to obtain prepaid debit card data, which accounts for 54% of all phishing reports from January.
Experts believe that the fraudsters prefer prepaid debit cards because the risks are relatively low.
“Many of these cards contain very little fraud protection or prevention and can often be used directly from many ATMs to withdraw cash – an appetizing combination for thieves,” said Cloudmark’s Tom Landesman.
Prepaid AchieveCards are the most attractive for cybercriminals, being targeted in 90% of cases.
People in North Carolina who benefit from child support are being targeted with SMSs that claim there’s an issue with their cards. The crooks instruct them to call a certain number.
In addition to payment cards, cybercriminals also after mobile accounts. A total of 30% of all phishing attempts targeted mobile account credentials.
“This was accomplished using messages and mobile sites custom-tailored with branding from the mobile operator associated with each recipient. Those messages using custom-branded SMS showed a high degree of accuracy with regards to delivering correctly branded messages to number using the intended major carrier,” Landesman explained.
It appears that the scammers are using a list of known numbers and associated carriers because the carrier name mentioned in the SMS always matches the victim’s company.
Interestingly, SMS phishing attacks are targeting major banks less and less. In January, only 3% of phishing attacks attempted to trick the customers of major financial institutions into handing over their information, Wells Fargo being the cybercriminals’ top choice.
Five percent of the phishing attacks observed in January promised potential victims major discounts for Microsoft Office.
Those who took the bait were instructed to visit a website and enter their credentials. Users were promised that a download link would be sent to their email addresses. Of course, the link never came and they ended up handing over their credentials to the attackers.