SMS fraud series: BSI warns of "smishing" wave for parcel tracking
A growing number of cell phones are receiving SMS messages, for example about shipment tracking, that are used to install the banking Trojan FluBot. The BSI urges caution.
For days now, users of smartphones and other cell phones have been receiving an increasing number of short messages asking them to click on a link. The German Federal Office for Information Security (BSI) has identified a "smishing" wave (SMS phishing) behind this, in which fake messages are used to steal access data. In most of the cases currently observed, the messages contain a link that leads to the Android malware FluBot.
Malware app for Android, phishing websites for iOS
This banking Trojan, which attempts to spy on confidential data and tap into apps for online account management or custody account management, has been circulating since around November 2020, according to the BSI. The perpetrators pretend, for example, that the recipients of the SMS will soon receive a package or that a shipment is to be returned to the sender. Android users are offered the malicious FluBot app for download via the link; once installed, it requests numerous permissions. The criminals disguise the malware as an application that is supposedly necessary for tracking parcels from well-known logistics companies such as DHL, Deutsche Post or FedEx.
The download does not work on iPhones or iPads. Users of devices with iOS systems usually end up on advertising or phishing pages. Subscription traps, offers for dubious financial investments or other malware lurk there.
Do not click on the link!
When receiving a suspicious SMS, it is important not to click on the link and to delete the message immediately upon receipt, advises the BSI. "If the sender is known to you, call him or her, for example, and ask if it is correct." At the same time, the BSI recommends blocking the sender via the operating system. In general, the installation of apps from unknown sources should be deactivated under Android. A third-party provider block can also be activated via the mobile phone provider in order to avoid unwanted debits.
According to the authorities, users who have clicked on a relevant link or even already installed the Trojan should switch the device to flight mode and thus disconnect it from the mobile network. The provider should then be informed about the case. At the same time, those affected should check their bank account and their payment service provider for debits that they did not initiate themselves.
Recommendation: File a criminal complaint
"File a criminal complaint with the local police station," the BSI further recommends. The smartphone should be taken along for "preservation of evidence". The device should then be reset to the factory settings. All stored and installed data will be lost. However, the BSI says the step is necessary "to completely remove the Android malware distributed via the current SMS spam messages."
"Since the Easter days, in some cases even a personal salutation can be observed," the office says, referring to new tricks of the fraudsters. The smishing phenomenon itself is not new, it said. The "Citizens' CERT" had already addressed it in a newsletter in mid-February. At that time, the Android malware program MoqHao was foisted on victims in this way.
SMS flood unleashed
Law enforcement agencies such as the police headquarters in Northern Hesse, their colleagues in Neubrandenburg and the State Criminal Police Office of Lower Saxony have already warned of the perfidious wave of fraud. The Hessian law enforcement officers urged particular caution in this regard: due to the high demand in online commerce during the Corona pandemic, "many people actually expect a package and click on the momentous link in the SMS." The Trojan then spreads "like a snowball system among the stored contact data of the affected person." This, they said, triggers a veritable flood of text messages.
The IT security company Eset, meanwhile, suspects a connection between the series and the recent problems surrounding a massive data leak at Facebook. The campaign is rapidly gaining momentum in Germany. The use of such stolen data sets is not unusual and accelerates the spread of the malicious app enormously. FluBot is apparently being offered in underground forums as malware-as-a-service, according to the company: "The perpetrators appear to have merely rented the infrastructure of the banking Trojan." Arrests of alleged backers in Spain have not mitigated the wave, it said.