Criminals are heartlessly exploiting the coronavirus outbreak to commit fraud, often using scam text messages imitating government departments, banks and other trusted organizations.
To provide an insight into the scale and sophistication of some of the hacker’s methods we interviewed our partner, Arnie Bjorklund from SecurityZones, and Raymond Dijkxhoorn from SURBL.
SecurityZones provides global advanced threat intelligence and improved anti-spam intelligence that equips Mobileum SMS firewalls to stop SMS Spam and Smishing before scammers have the opportunity of turning network subscribers into victims.
Q: We have seen stories from around the world about hackers using COVID-19 to their advantage in many ways and this is causing fear and panic among people around the world. Can you give us an overview of what is happening?
A: Of course, and, yes, it is upsetting for everyone. For instance, SMS Phishing schemes (smishing) are on the rise, as criminals start to spread SMS messages impersonating others to trick people into giving away their personal and financial details, or money. Recently the Canadian Red Cross tweeted that they had received multiple complaints from the public about an SMS campaign to give away free masks from their organization. This, of course, not only worries the public but also delays the work of key workers.
Q: Can you summarize how spam trends have changed since the COVID-19 outbreak?
A: In short, this time it is very different. Attacks are, sadly, common around natural catastrophes but they tend to be local to an event, for example, tsunamis, fires, earthquakes and so on. This time, with COVID-19, the attacks are global, and the potential is so attractive to them they are shifting their attention from gambling advertising fraud to COVID-19 related themes.
We are seeing a lot of spam related to debt at the moment – loans for hard pressed students for example. That and, of course, materials that help against COVID-19 – masks for example, which are cheap and attractive to sell. Payroll protection is another area on the rise as hackers prey on peoples’ fear.
Q: Could you give us one or two examples of how malicious actors are using COVID-19 or the coronavirus names into tricking people into opening messages?
A: This is a serious area of concern. Masks and payroll protection are a major trend now. For instance, the website ‘facemask-supply.com’ was not active before the outbreak and it is not alone. You see these scams in various forms and it is only when you maintain a threat network that you can see them for what they are. Gangs who used to focus on casino spam, for example, are moving to advertising masks. It is more lucrative, and one problem is that if one site is reported and closed, they do not care, they have thousands of IP addresses at their disposal.
Q: What are the differences between the spam techniques in e-mail and spam in SMS?
A: There is actually a huge similarity in terms of the schemes. SMS is harder for the actors though, as they need physical equipment, an SMS gateway or Simbox for sending the SMS. They use SMS with unlimited plans or use stolen cards. Some carriers also have open gateways that can be abused and, of course, you have a limited number of characters to use. With HTML it is also easier to disguise the sender.
Q: Are spam filters able to identify fake messages?
A: In short, yes. There are characters that can be analyzed. We can check the name servers with the message context, whilst it is difficult to mask URLs sometimes they have to use short URLs. This can make is easier to detect if fraudsters cannot mask URLs and some links only work on a smartphone which also makes it easier to detect by analyzing the mobile browser.
Q: Which of the world’s regions do you see suffering greater impact from COVID-19 spam?
A: We see a lot of activity in the US because the regulation is different. There is also a lot in Asia. In Singapore and Malaysia, for instance, where a lot of people have multiple phones. In some regions of the world, like in Asian countries, the phone number and email are linked. As an example, customer emails are based on phone number, and you would have <PhoneNumber.OperatorName.com>. Spammers will use phone range numbers to generate spam to e-mails. European has a lot more regulation around privacy, which helps.
Q: Do you know the size of the problem? How many spam messages does a customer on average receive per month?
A: In the US, for example, over 6 billion SMS messages are sent each day and one in 25 messages is spam or malicious in some way – and this is traffic that has already been filtered.
Q: Can you detail what kind of information you are providing for Mobileum’s firewalls?
A: We provide a feed with ‘current active bad domain’ names and this is updated every 1-2 minutes. It is a very accurate, comprehensive and dynamic dataset.
We are experts in this space, who have 17+ years’ experience and we are highly regarded as an important member of the internet ecosystem. We are specialists in spotting ‘bad domains’ which include malware, phishing, bot-nets, cracked sites, etc. And very importantly, we have visibility and input from telcos and ISPs from all over the world. Mobileum uses this information to apply their detection rules and algorithms for SMS Spam and Smishing according with the customer environment.
Many Thanks to Raymond (SURBL), Arnie (SecurityZones), and to the security folks at Mobileum (mobileum.com)