Ahmed Mansour knew immediately that something was wrong with the unsolicited text messages on his iPhone. It was August 2016, the hottest time of the year in the United Arab Emirates (UAE), and as a renowned advocate for human rights, Mansour was already familiar with government surveillance techniques. According to The Guardian newspaper, his activities inside and outside the country had already been monitored for some time.
But the two anonymous text messages were something new. They contained links to information that would help him in his human rights activities. Mansour was suspicious by nature of his work and forwarded the messages to cybersecurity analysts for investigation.
The danger of spam
Most computer users receive a fair amount of unsolicited email offering anything from access to African bank accounts to the latest inside information on something of great interest to the reader. Often the spam emails contain links to websites (often malicious websites) or attached files to download. They usually claim to improve the recipient's financial situation or professional life. However, the attached files or the links result in malware being introduced to the computer.
Many of these emails are "phishing," designed to trick innocent people into taking the bait. Spear phishing are attacks on people using real personal information. Cybercriminals provide the bait in these emails with details that are of interest to the targeted person.
Spam SMS
Meanwhile, cybercriminals have expanded their phishing networks to include SMS messages. Partly due to security breaches of customer files containing contact information for millions of users around the world, hackers have been able to successfully write software that sends "bait SMS messages."
When consumers click on the links in the spam SMS messages, they download malware to their devices or are redirected to malicious websites. In some cases, users responded to the SMS, so the sender knew the mobile number was in use and vulnerable. Cybercriminals then use phone calls after the original SMS to defraud cell phone owners.
Getting to the root of the hacking
In the case of Mansour, a human rights activist, cybersecurity analysts determined that when he clicked on the links in the SMS messages, he would have relinquished control of his iPhone to the hackers. According to The Guardian newspaper, the privately assembled and sophisticated software "would have allowed attackers to spy on virtually all of Mansour's activities - phone calls, text messages, Gmail, Skype and Facebook - as well as scan his calendar and steal passwords and other personal information."
Dealing with spam SMS
Some spam SMS messages are very sophisticated and appear to come from banks, phone providers or other reputable companies. If SMS messages look official, call the authentic customer service number for the company to verify the real-time of the SMS. Do not call the phone number listed in the SMS. It's also a good idea to block the phone number from future SMs so they can't be answered.
Forward spam text messages to the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC). These agencies investigate communications that could be considered illegal, and the state government wants to know about any unwanted text messages you receive. Also, report the text messages to your phone provider as spam.
Apps like Mr Number, SMS Blocker, and Text Blocker offer protection from unwanted SMS messages, as does a high-quality security solution like Total Solution from Kaspersky. This software protects the core of Android and iOS mobile devices, so hackers can't take control of tablets and phones. In most cases, this can detect and remove malware that tries to infiltrate devices via spam message links.
Spam SMS messages phishing for gullible victims are still relatively new, but they are bound to become more and more common. With the right knowledge and protection, you will be well prepared.