Police and mobile service providers can do little to fight SMS phishing

Cell phones (Photo is illustrative).
Cell phones (Photo is illustrative). Source: Siim Lõvi /ERR

The number of SMS phishing of smishing messages reaching Estonians' phones has exploded since early May, while both the police and communications operators can do little other than warn people not to click on suspicious links.

The latest wave of smishing comes as short messages sent in the name of courier services and online platforms. The SMS messages include links to various sites that collect bank and other types of personal data through payment links.

Mobile services providers, police and companies the names of which are used in such messages all ask people to report them.

Helen Uldrich, head of communications for the State Information System's Authority (RIA), said that the agency can shut down phishing sites, while the perpetrators soon create new ones. RIA also released an application meant to block malware and phishing attempts last year.

The rapidly changing nature of phishing attempts is what makes them hard to combat.

Police Cpt. Maarja Punak said that while the police can warn people and ask the messages to be reported, there is little else that can be done about messages sent from abroad. "We have issued warnings on the level of police stations and using social media accounts of web constables, but the text of the messages changes weekly," she said.

Punak said that the police are contacted to report a new scheme or ask what such messages are about.

"The best way to avoid damages is raising awareness. While the crooks will always find a new way to get their messages through, a knowledgeable person likely will not be had," the captain remarked.

A lot of the recent messages are seemingly from national mail carrier Omniva asking the recipient for a small additional fee to get their package or for it to be delivered. Omniva said that they never ask for payment or people's personal data in SMS messages, and that fees are paid only when the package is being sent or received.

Kristina Haavala, head of media relations for the mail carrier, said the company learns of around ten smishing attempts every day, and because the senders are quite active, such messages could also reach people who are waiting for a package to be delivered.

"The frequency of fraud attempts is more or less even, while the volume of messages changes, mainly depending on when new versions of the messages appear," she said.

Half of smishing waves target randomly generated phone numbers, while half use numbers that can be found online, for example, when people have used them to take part in raffles etc.

Messages from abroad

Mai Kraft, head of internet security for mobile services operator Elisa, said that the company notifies its SMS partners and other service providers when such messages appear and asks them to be blocked. However, the fraudsters just switch to new addresses and channels, which is why such efforts are not effective.

"We have also asked SMS partners to determine where such messages originate and are working with them to detect and block phishing messages faster," she said.

Head of online security at Telia, Aigar Käis, said that over 90 percent of fraudulent messages originate abroad. If the sender appears as a name, not as a number, it usually means the message reached the Estonian network through a contractual mediation service that might in turn have partners and use other transit channels, Käis said.

He suggested that efforts to block such messages have started to bear fruit. "We are seeing the share of alphanumerical spam messages waning, with fraudsters switching to using long and random foreign numbers," he said.

In recent weeks, many smishing messages have been sent without a mediating party. "For instance, coming from various French mobile operators' SMS centers, with long sender numbers starting in 337* and 336*," Käis said.

He also said that reporting such messages is useful. "Because the senders know that ISPs quickly pick up on intensive campaigns, they have reduced the rate at which messages are pushed out – this means a single number pushes around 20-30 messages to our network every minute," the Telia security chief said.

Käis added that while SMS traffic from a third country's SMS center can be blocked temporarily, such cases are few and far between.

Examples of phishing messages. Source: ERR


Follow ERR News on Facebook and Twitter and never miss an update!

Editor: Marcus Turovski

Hea lugeja, näeme et kasutate vanemat brauseri versiooni või vähelevinud brauserit.

Parema ja terviklikuma kasutajakogemuse tagamiseks soovitame alla laadida uusim versioon mõnest meie toetatud brauserist: