May 11, 2021

Anatomy of a Smishing Attack – Flubot and Smishing Solutions Part 2/7

Contact information being hooked in a smishing attempt on a mobile phone

What do Flubot and SMS phishing have in common? Shocking daily headlines, the Wild West of URLs, and one easy solution to stop both in their tracks.

If you have heard anything about the newest Flubot attack, you have probably also warned your parents and others not to trust or click any link from an SMS message. This is bad news for MNOs. Fraud has been on a steep incline since the COVID-19 pandemic began, and consumers, while under attack from the virus, are also under attack electronically and financially.

Smishing, malware, and the Flubot are dominating headlines. These attacks may seem like separate threats, but they have a lot in common: They both begin with an SMS message and end in devastating financial losses to subscribers. Mobile operators have responded by issuing warnings to consumers, yet they are missing an enormous opportunity to save the day and savour the glory (and press coverage) any hero should.  

Anatomy of a smishing attack 

Smishing techniques vary and often incorporate other touch points, such as calling the victim impersonating a trusted entity and using social engineering to trick the victim into giving away sensitive information. We will describe the most basic and common smishing technique, however there are many variations to this attack.  

An attacker sends an SMS message with information about a missed delivery, COVID vaccination, fraud warning from a bank, or other compelling message. The message contains a call to action and a URL to follow. The link usually leads to a very recently created, elaborate, and convincing look-alike page for the entity the message claimed to be from. This website will then ask for an inordinate amount of personal information, such as your credit card information, and date of birth.

 After “voluntarily” sharing this information with the attackers, they are able to drain your accounts and wreak havoc on your identity. Often banks are powerless to stop them and unwilling to accept liability for any fraudulent activity with origins outside their institution and technological reach. In their eyes, the consumer has committed gross negligence, “freely given” their credentials, and the bank is not responsible for the loss. 

According to Proofpoint, there are 6 smishing attacks per second targeting just 10 US and UK banks. Every week sees a new scam reported, a new entity targeted, and a new victim losing their life savings or small fortune to elaborate smishing scams. The response from mobile operators in the wake of smishing attacks that have increased substantially (328% in the last year) is to again, issue warnings with tips to look out for, and sometimes the sweeping advice again not to follow any link in any SMS. 

More information on the Cellusys SMS Anti-Phishing Solution

How SMS Anti-Phishing works:

The SMS Anti-Phishing Solution can be used in conjunction with an SMS firewall or as a standalone solution for SMS phishing and Flubot attacks. 

Every SMS is checked for the presence of a URL. Cellusys authenticates every URL against the Phishing Threat Intelligence Database registry. Even if the URL redirects multiple times across multiple domains, the destination URL will be authenticated:

The subscriber receives the message in one of three ways: 

  1. Verified Safe URLs: Subscriber can open the link 
  1. Potentially Dangerous URLs that cannot be verified: the link is replaced with a redirect link to a warning page explaining why the page is blocked, and urging the subscriber only to open with extreme caution. 
  1. Dangerous URLs that are known: the link is replaced with a redirect link to a warning page explaining why the page has been blocked.  

More Information about Fraud Insight solution for Malware 


Additional Flubot and Smishing Solution Resources:

This video from Samurai Security shows how smishing and SMS spoofing attacks are easily perpetrated.

Tags: , , , , ,

Categorised in:

May 11, 2021