The UAE Cyber Security Council recently issued a warning against a phishing campaign being conducted via fake text messages.
According to the council’s post on X, the fraudulent messages masquerade as originating from Apple support. To trick recipients into giving up their confidential details, the messages employ a handful of tactics.
In their most innocent form, they could ask the recipient to review the phone number linked to their account. They could also scare the victims claiming that their Apple account is either suspended or closed.
To rectify the situation, the messages will most likely ask the victim to visit a web link. The link takes victims to a page that could try to imitate an original page from Apple support. The page will ask the victim for their login credentials, which then make their way to the scammers.
Read: Climate change could become a major security hazard soon
Going old school
The council’s warning comes just as the email service providers and email apps were getting an upper hand on phishing emails. But scammers switching tacks to attack people through fraudulent SMS messages is a well thought out strategy.
Simply put, people don’t expect to be scammed via text messages, which makes SMS a really effective attack vector.
For a long time we’ve only been receiving SMS messages from people we trust. That’s until we started handing our numbers to all kinds of entities, from banks to online shopping portals. Now we mostly receive messages from contacts we don’t know. Most are legitimate, underlining our trust with SMS, but some aren’t.
Security experts are witnessing a rise in the number of such socially engineered attacks conducted via SMS. There’s a high chance of phishing victims through SMS (known as smishing). That’s because using text messages allows the scammers to bypass the security controls that are typically designed for email.
Read: Cybercriminals using ChatGPT to launch spear-phishing attacks
Bypassing controls
Experts agree that, as a phishing medium, SMS is a lot more dangerous than email, simply because it’s more difficult to fight. One of the main reasons for this is that the core protections available in email just don’t exist with SMS.
Also, unlike email, it’s more difficult to train people and software to identify fraudulent SMS senders. While many people can now identify a fake email address, it’s a lot more difficult with SMS, thanks to techniques such as number spoofing.
In its post, the UAE Cyber Security Council has outlined a few suggestions to help people from falling victim to smishing attacks. For starters, people are advised to be wary of text messages that induce them to share personal information.
Furthermore, it also asks people to avoid contacting the scammers through any numbers provided in the message. In the same vein, people should also avoid clicking any links passed on to them via SMS messages from unknown senders.
Read: Unmasking the gang behind recent cyberattacks on UAE firm
Stay safe
Besides these there are a few other precautions you can take to avoid becoming a victim. Even if you are really spooked by the SMS, it’s best to avoid establishing contact through any of the means in the text message. Instead it’s best to get in touch with the purported sender through other means.
Secondly, remember that virtually all legitimate organizations, like your bank, or Apple Support, never give ultimatums over SMS. Furthermore, neither of these organizations will ever threaten to close your account, if you don’t click on a link within a certain amount of time.
They would also not ask for login credentials to verify your identity over SMS. This in itself should raise red flags.
Finally, organizations that handle confidential data will have well-established means to check the authenticity of such messages, and to report them.
For more tech news, click here.