Application security, Incident Response, TDR

Text messages scam for Asian donations

The recent natural disasters in China and Myanmar have led to scams to steal money intended for donations.

Not only are websites being hacked to redirect funds meant for legitimate organizations, as had happened during Hurricane Katrina relief efforts, but now scammers are using text messages to ask potential donors to wire money to a certain account, experts said this week.

The Short Message Service (SMS) spam issue was brought to the attention of the SANS Internet Storm Center by a number of China residents who had received the message, handler Maarten Van Horenbeeck told on Monday.

“This is not entirely new, and not unexpected either,” he said. “SMS scams have been reported quite often from Asia and Europe, where the technology has been popular for a bit longer than in the US.”

The messages requests that the reade transfer money to a certain account number, or even just reply to the message to help fund relief to the Sichuan earthqake, Van Horenbeeck wrote on the Storm Center site. Other reported messages suggested helping the Red Cross by calling or sending a text message.

Responding to these text messages may create another type of scam. Mobile device users are often unaware that responding to an SMS may result in them subscribing to a service for which they have to pay to receive a number of texts each week until they unsubscribe, said Paul Wood, senior analyst at email security firm MessageLabs.

The way in which unscrupulous scammers encourage people to sign up to such schemes can often be misleading and the user may find it difficult to remove themselves from the list, Wood said.

“Although the sender has to pay to send the message, sometimes the recipient has to pay also, for example a user on a 'pay-as-you-go' plan may be charged 10 cents to receive a message," he said.

Van Horenbeeck said he thinks these types of attacks will increase.

“As the barrier to responding to a text message is very low, there will initially be quite a few people that may feel inclined to support the cause by sending a quick reply,” he said. “There's a much lower investment in sending a message, and people are likely to react. The same goes for text messages, where requesting people to contact ‘for-a-fee' numbers can actually constitute direct payment. Essentially, the loop for the attacker between sending his message and getting revenue shortens.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.