Investigating Worldwide SMS Scams, and Tens of Millions of Dollars in Fraud
Posted: Tuesday, Jan 30

i 3 Table of Contents

Investigating Worldwide SMS Scams, and Tens of Millions of Dollars in Fraud
From KBI

SMS services remain a critical part of telecommunications; they don’t require Internet access, and companies use them to inform their customers. This combination of features makes them incredibly useful for criminals who use the technology as a stepping stone in their never-ending campaigns. And if you think that the new RCS messaging standard will offer any protection, you would be wrong. These types of scams will continue to spread regardless of the messaging standard used.

SMS scams are everywhere, and attackers are always looking for a social or political issue to exploit for profit. As scams get more creative, whether it’s a package delivery, a government refund or a banking credential issue, anybody can become a victim.

We looked at SMS campaigns worldwide to determine which scams are most prevalent and where they are primarily located. Our research spans from the beginning of September to the beginning of December.

Key findings:

  • We estimate that attackers have taken in around $40 million in just three months, and that’s a very conservative number.
  • SMS scams span the globe and most malicious messages are about package deliveries, banking, government, social media and other platform accounts, and fake prizes.
  • Attackers take time to customise messages and build campaigns that take advantage of each country’s political or socio-economic landscape.

Estimated Financial Impact

Based on our data gathering and analysis data of non-Bitdefender users over a three-month period, we approximate that 15% of SMS will result in a person clicking a URL. From this cohort, we expect that 10% will actually enter personal details that may result in money loss that averages to $1000. From the above data, we estimate it’s likely attackers made at least $40 million in three months, which is a conservative number.

It’s also worth noting that the profits are not going to a single group of attackers, as the campaigns described in this research likely stem from multiple groups.

Country Profiles

Looking at areas of higher scam density, we notice a few regions with a greater prevalence of scams such as the ones described below.

In South Korea, most SMS scams contain invitations to join Telegram or Kakaotalk channels, which include investment and stock information or receiving fake prizes or payments.

Australia, another popular country for scammers, has received plenty of fake package delivery messages and government and banking-related attacks. In the United States, users receive many spam messages concerning political surveys, donations, job openings, or service reviews. Apart from this, plenty of banking attacks have also been identified.

In Turkey, SMS messages get delivered from betting and casino websites, some of which may be spam. Looking at the European region, we notice that most countries have a prevalence for scams, with the highest percentage being Turkey, Ireland, Germany, France and the United Kingdom.

Compared to the European average value of messages received per user, in Germany, France and the United Kingdom, users received twice as much as most Europeans have in this period.

In Turkey, most messages are casino-related, but in other European countries, the scammers prefer messages related to banking, package delivery and government issues.

Types of SMS Scams

Taking a further look, we distinguish five major categories SMS scams typically fall into:

  • Delivery/Fake Packages
  • Banking
  • Government/Political
  • Video Streaming Platforms
  • Fake Contests/Prizes

Delivery

Delivery-related scams have been going on for a few years and scammers are always finding new ways to trick people into giving their data. Delivery and postal scams ask the user to pay an additional fee or a custom tax, reschedule a package, or track the shipment.

This is the most popular scam we find in almost every country we analysed.

Australia

“Hello! Your deliveries have failed many times. Please change the correct address as soon as possible. Redelivery: https://auposts.biz/aua

United Kingdom

“E.V.R.I.: If you don’t reschedule a new delivery date, your parcel will be sent back to the sender visit: https://evri-delivery-reschedule[.]com/book

Netherlands

“NL4XXXX31Z pakket is onderhevig aan douanerechten (2.99), ga naar https://pakketdiensten[.]com om uw levering te hervatten.”

France

“Chronopost : votre colis a subi une erreur logistique. Veuillez confirmer vos informations : https://erreur-logistique[.]com

Turkey

“Yurtici kargo: koliniz adres nedeniyle gonderim merkezine iade edilmistir,tekrar gonderilebilmesi icin lutfen adresinizi guncelleyiniz!https://is[.]gd/qFBPMX”

 

Banking

Banking scams are found in many countries and usually present people with an urgent situation they need to solve by giving out their credit card information. The messages often state that the users’ account might be disabled unless the user reauthenticates on the provided fake link in the SMS.

Here are some examples:

United Kingdom

“SantanUk: You recently set up a new beneficiary via mobile banking on Nov-02. NOT you, go to: https://auth-user-login[.]web.app

Canada

“Please complete our security process by 24h to avoid a block on your online access. https://rbcroyalbank[.]cm

Spain

“El 26/10 a las 16:49 hemos detectado un pago en un comercio online por alto importe. Si no ha sido usted, revise: https:// ing.directs[.]com.es”

India

“Dear ‘AXIS BANK’ user,.

Your ‘AXIS BANK’ A/c Will be suspended today. Please update self PAN-Card immediately.’Click on the link below-‘ https://t[.]ly/AXIS_ePAN

Germany

“DIe Phototan ist ab 03.12.2023 nicht mehr verfügbar. Wir empfehlen umgehend Commerz.265268[.]com für das aktuelle Sicherheitssystem zu verwenden.”

 

Government Services

Government scams vary depending on what social issue is a hot topic in the country at a given time. We found that most government-related SMS attacks take place in France, the United Kingdom, the Netherlands and Australia, but many other countries have this type of attack but at a smaller incidence.

In Australia, malicious SMS messages are related to the health care program, Medicare or certain actions people should take to update a Centrelink or myGov account.

“Latest News [My.Gov]: There is a $1,560 refund pending on the account. Please update your information to receive:https:// eckerink[.]tech”

“Medicare Notice:Regularly review and update your Medicare information for uninterrupted services:medlcare-au[.]cc.”

Fraudsters in the United Kingdom are imitating the Driver and Vehicle Licensing Agency (DVLA) to persuade drivers to give out their personal information.

“DVLA: Our routine check requires confirmation of your driver’s licence record, so please act accordingly on my-dvla.agency-uk[.]com”

In France, for instance, many campaigns are about the health insurance program (Ameli and Carte Vitale) or a transport card-related action that must be taken (Navigo). Some of the scams have been going on for years.

“Votre nouvelle carte vitale est disponible. Veuillez remplir le formulaire afin de continuer a etre couvert: ameli-renouvellement[.]fr”

“NAVIGO vous rembourse 184.10euros Visitez https://navigo-agence.com afin de bénéficier de votre remboursement.”

 

Government Taxes

Tax refunds are a common scam in many countries. In Australia, the most common ones concern the A.T.O. refund.

“A.T.O.: Hello, you’ve got an immediate pending issue on your 2022/2023 income tax lodgement, Visit https:// lodgementrefund2023[.]top/UPdate/ to fix immediately”

“A.T.O. Your refund is now available to be claimed at: mygov-refunds.publicvm[.]com/ret/ato by completing the steps.”

In the U.K., another scam that appeared years ago and is still in use today imitates HMRC, the national tax authority, to get people to input their data for a tax refund.

“HMRC GOVUK:Our records show that your tax refund of £398.90 can now be claime.Please continue via:https://ukhmre-tax-refund[.]com to claim your refund”

“Your refund up to £5389 is unclaimed. Tax was taken from past PPI/Loans and is owed back. Click now: https://trendglo.co.ukvsms[.]io/GB

In the Netherlands, similar attacks focus on receiving a tax refund or outstanding debts.

“Uw openstaande schuld van: €436,28 is tot op heden niet betaald. Betaal dit nog voor 11-09-2023 via: https://schuld-aflossen.xyz/belastingdienst/BD567.430.31/

Tolls

Toll payments are featured in a frequent campaign in countries such as Australia, New Zealand and Hong Kong. The messages usually state that you must pay a toll tax or receive a fine.

Australia

“Your toll has not been paid by the deadline of November 18, 2023. Please pay it as soon as possible. Avoid being fined. Learn more https://www.tollceas.center

New Zealand

“N.Z.T.A. -You have tolls that have not been paid and are overdue. Click: https://nzta.bplcw.com/ to update the information and pay the toll.”

Social  Media & Platform Accounts

The most widespread campaign addresses an inability to use a Netflix account if a payment is not made, or the user’s credit card information is not updated. The scam also leverages other services such as Amazon, Apple or Disney.

“NETFLIX: Votre dernier paiement a été refusé, veuillez confirmer vos informations de paiement ou votre compte sera suspendu: espace-support[.]com”

“N.E.T.F.L.I.X.: Account on hold. Please update your details to avoid cancellation: https://confirmprofile[.]info

“NETFLIX : Letzte Warnung vor der Einschränkung Ihres Kontos Bitte bestätigen Sie Ihre Angaben bis 24 Uhr : https://mynetflix-int[.]com

“amazon PRIME: Payment rejected, go to processpaymentamazon[.]ca”

Fake Prizes

A common scam  is about fake prizes that the user has allegedly won. The messages usually seem to come from a large chain store and allegedly offer either electronics or vouchers. Normally, the messages also contain the user’s full name and phone number.

Similar messages have been seen in multiple countries, such as Spain, Romania, Sweden or even South Africa.

Also, this category included messages seemingly from casino and betting websites, stating that the user has won an amount of money.

US Politics

In the US, texts about donations and surveys regarding political candidates are received by most people. The large number of SMS messages an average person receives in the US makes it challenging to distinguish between legitimate and fake political campaigns.

How To Identify a Scam & Tips To Stay Safe

Most scams create a sense of urgency around their request, which shows up in all sorts of shapes or forms. Whether it concerns a package about to be sent back if details are not provided, a prize available for a limited time, or a bank account that will soon be suspended, these messages seek to make the potential victim react quickly and without giving much thought to what is asked of them.

Always remain wary of demands that make you give out your data. When in doubt, contact the company or institution that sent the SMS by other means of communication to confirm if the request is legit and was sent by them.

The Production Team
The KBI Production Team is a staff of specialist technology professionals with a detailed understanding across much of cybersecurity and emerging technology. With many decades of collective industry experience, as well as expertise in marketing & communications, we bring news and analysis of the cybersecurity industry.
Share This