New 'SMiShing' spam targets WAP and smartphone users

New instances of ‘SMiShing' have been detected in Europe that target smartphone users.

Jarno Niemelä, senior anti-virus researcher at F-Secure, posted a blog where he received a message that translated as ‘Video message, click'. If the recipient clicks on the link they will end up opening a page that looks like an advert for a service called ‘Mobile Tube', that replicates the YouTube logo.

Niemelä said: “So, at first glance, this just looks like ordinary SMS spam. However, if the recipient reads the fine print at the bottom of the page, things get interesting.”

He pointed out that the fine print is in Finnish and states that the user has accepted a premium rate service, and if they wish, they can cancel the contract.

“We have seen this type of scam before and have reports of many other languages besides Finnish being used. The scam works if the user has a WAP access point enabled, as is per default with most operators. The scammers will get the necessary information for billing just by having the user click a link and visiting the web page.

“So whenever you see unexpected links via SMS, just delete the message and do not click them. If you clicked on a link, check if the page has an unsubscribe link. If it does, unsubscribe from the service and then file a complaint to your phone operator if you are billed by the premium service vendor,” he said.

In an update on the 8th October, F-Secure senior anti-virus researcher Jarno Niemelä, claimed that the small print says that service is ‘free of charge and by using this service [the] user gives the company [the] rights to send information and promotional messages in the future'.

Niemelä said: “Interestingly enough the page used to have [the] company name at the bottom, that is now removed. If the fine print on the page can be relied on, the SMS spam messages are now rather harmless.

“But we still advise people against clicking on any unsolicited links they receive over SMS, as the company behind messages still tries to use the page to legitimise any further advertising messages.”

Sign up to our newsletters