What do FluBot and SMS phishing have in common? Shocking daily headlines, the Wild West of URLs, and one easy solution to stop both in their tracks.
If you have heard anything about the newest Flubot attack, you have probably also warned your parents and others not to trust or click any link from an SMS message. This is bad news for MNOs. Fraud has been on a steep incline since the COVID-19 pandemic began, and consumers, while under attack from the virus, are also under attack electronically and financially.
Smishing, malware, and the Flubot are dominating headlines. These attacks may seem like separate threats, but they have a lot in common: They both begin with an SMS message and end in devastating financial losses to subscribers. Mobile operators have responded by issuing warnings to consumers, yet they are missing an enormous opportunity to save the day and savour the glory (and press coverage) any hero should.
Achieving herd immunity to smishing and Flubot
Ultimately, these attacks will only fail where mobile network operators succeed.
The opportunity for networks to succeed here spans from operations to marketing and there is no reason that operators shouldn’t flex. As mobile data becomes more of a commodity, it is more and more difficult to add value to mobile plans and really stand out to customers. Security and protection that is visible to the end customer is a chance to escape the race to the bottom and give network branding a real advantage over competing networks.
Customer experience is not the only place security adds value. A2P is an incredibly lucrative revenue stream for many networks, especially those with robust A2P monetisation strategies and effective SMS firewalls. Should subscribers lose trust in SMS (and they are), this will lead to a devastating decrease in investment from legitimate enterprise who use A2P SMS as a marketing channel and delivery mechanism for one time passwords, two factor authentication and other messaging. As an industry we must fight to maintain SMS as a trusted channel for business.
The reasons to take real action on solving smishing and Flubot are clear:
- Subscribers will love you for saving them where giants like Google have failed
- SMS is a lucrative channel worth protecting
- It is the right thing to do
As an industry, it is up to us to make these attacks less successful. The more networks who step up to secure messaging, verify URLs, and protect consumers, the less attractive it is for attackers to target subscribers through SMS. This herd immunity is achieved when enough operators commit to ending these attacks on their network, and the time is now.
More information on the Cellusys SMS Anti-Phishing Solution
How SMS Anti-Phishing works:
The SMS Anti-Phishing Solution can be used in conjunction with an SMS firewall or as a standalone solution for SMS phishing and Flubot attacks.
Every SMS is checked for the presence of a URL. Cellusys authenticates every URL against the Phishing Threat Intelligence Database registry. Even if the URL redirects multiple times across multiple domains, the destination URL will be authenticated:
The subscriber receives the message in one of three ways:
- Verified Safe URLs: Subscriber can open the link
- Potentially Dangerous URLs that cannot be verified: the link is replaced with a redirect link to a warning page explaining why the page is blocked, and urging the subscriber only to open with extreme caution.
- Dangerous URLs that are known: the link is replaced with a redirect link to a warning page explaining why the page has been blocked.
More Information about Fraud Insight solution for MalwareTags: Flubot, flubot solution, malware, smishing, trojan, zero trust
Categorised in: Blog