Quantcast
Subscribe to magazine

Blogs

    Privacy Watch

  • Few things are more valuable than your personal data. Associate Editor Erik Larkin shows you how to protect it.
  • Subscribe to this blog

Privacy Watch: Phishers Put Their Lures on Cell Phones

Andrew Brandt

Illustration: Mark Matcho
Have you ever been SMiShed? That's not as personal a question as it may sound to the uninitiated, but it does relate to protecting your personal data.

SMiShing, a term coined by researchers for the McAfee security software firm, describes a form of phishing in which the bad guys send an SMS (short message service) message to a person's mobile phone. The first such messages purported to come from dating-service Web sites. Victims would receive a message announcing that the site intended to charge them $2 a day unless they visited the URL listed in the message and followed the steps outlined there to unsubscribe from the service. Upon browsing to the URL (via computer), victims would get hit with drive-by downloads that installed Trojan horse software that subsequently would steal passwords and do other nasty things to the victims' PC.

I can see how this kind of attack might succeed. Many people don't have the same level of suspicion about text messages that they do about spam or instant messages on a PC. On top of that, every cell phone user I know is wary of being "slammed" with charges for premium-rate services on their mobile phone bill.

Worms that infect PCs have begun to add SMiShing attacks to their menu of malicious activities as well. The VBS/Eliles worm, for instance, infects Windows PCs by opening a back door and giving the perpetrator remote access to the computer. It also launches SMiShing attacks by sending messages to cell phone customers. This particular worm targets the e-mail-SMS gateway at two mobile phone companies in Spain. Fortunately, the worm's creators weren't very sophisticated--most antivirus programs will detect the Eliles worm and delete it before it can cause trouble.

It's impossible for a company to add charges to your bill, unless you knowingly signed up for its service and provided a cell phone number so it could send you messages. So if you get a SMiShing-style SMS message and don't remember signing up for anything, just delete the message and ignore the instructions. The scam works because people visit the Web page without thinking twice about it.

Andrew Brandt is a contributing editor for PC World. E-mail him at privacywatch@pcworld.com. To read previously published Privacy Watch, click here.

  • Recommend this story?
  • 0 Yes
    0 No

"Privacy Watch: Phishers Put Their Lures on Cell Phones" Comments

Print 50% more pages than with refilled inks. Trust Original HP Inks. Hit Print Reliably.

Featured APC Accessories For Your System
10% Off Entire Cart at Online Store

  • APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
  • APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.

People who read this also read:

Privacy Watch

All PC World Blogs

  • 2007 Microsoft Office Suites Comparison This paper compares and contrasts four suites of the 2007 Microsoft Office system: Microsoft Office Standard 2007, Microsoft Office Professional Plus 2007, Microsoft Office Enterprise 2007 and Microsoft Office Ultimate 2007. This paper is intended to help organizations understand the applications and capabilities offered, and to identify the suite that best fits their needs.
  • Windows Vista Migration: The Business Proposition It's not so much a matter of "if" but "when" for most organizations regarding migration to Windows Vista. Laying the groundwork now for this migration can yield higher ROI than waiting until later. This Computerworld Technology Briefing explains it all.

Today's Special Offers