Growth in SMS malware attacks take advantage of smartphone users
As the public continues to rely on mobile devices to access their personal information in growing numbers, cybercriminals have been quick to recognize the value of text messaging as a new source of vulnerability for malware attacks. According to a recent report, threats leveraging SMS functionality are growing at a rate of 300 percent year-over-year, suggesting that new phishing will become a more common risk among cell phone users.
Though email-embedded malware has existed for years, some experts stated that because the telephone is traditionally considered a trustworthy communication device, it could prompt some users into believing that their smartphone is more secure than it actually is.
"Attackers are well aware of this wide acceptance [of mobile phones being perceived as 'safe'] and use this trust to their advantage," said the report. "As an example, many believe that any communications via their smartphone – whether via traditional call or via SMS – must be from someone they know or have done business with."
Different from email
Unlike email, where a combination of educational initiatives and spam filters have reduced hidden malware threats to acceptable levels, the way in which people interact with their mobile device at any time can give attackers more opportunities for potential victims to make an uninformed decision, effectually compromising that device and the owner's information in it. Also unlike the email, which averages an open rate around 20-25 percent and wait time of 24 hours, SMS open rates currently exceed 90 percent and are often opened instantaneously, the report stated. While clickthroughs of spam texts currently hover in the low double digits, even a high percentage of users supposedly aware of scams could be duped into thinking that replying "Stop" would stave off an attack.
InformationWeek cited in an analysis of the report, revealing that there were 350,000 variants and more than 50,000 unique SMS attacks in December 2012 alone. Part of the explanation for this increase and high volume is due to the most common form of attacks being gift card scams that were sent out en masse during the holiday season.
"Blended" message threats a new technique
Cybercriminals have also begun to coordinate malware attacks across various mediums to include email, instant messaging, social media and SMS. Through advanced social engineering techniques, "blended" messaging gives the added impression that the consistency in communication across platforms gives the illusion of legitimacy.