Phishing moves to SMS

Phishing attacks on mobile phone users are a growing threat which operators must take immediate steps to prevent, says consulting firm LogicaCMG.

SMS phishing, sometimes shortened to smishing, uses text messages to trick users into handing over valuable private information or go to fake websites where spyware and other malicious programmes can be downloaded, says LogicaCMG Telecom's Chris Newton-Smith.

He says mobile operators have a big role to play in protecting consumer and business users from falling victim to smishing scams.

"It's a very real problem that's already made headlines in different parts of the world," he says.

"People are using these malicious spams for social engineering - encouraging people to ring a false customer care hotline which costs an astronomical amount per minute."

Some mobile operators are already moving to block these messages and prevent users getting them, he says, but believes others have been slow to react to the issue.

"Some are attaching warnings to messages that come from outside the network, so it's not necessarily just a matter of blocking," he says.

"It's up to all operators to address this problem, as it's not only aggravating for their customers it's also costing them money in refunding people who've complained. They must do more - this problem can be solved."

But mobile and wireless analyst Mike Hijdra of 2Fast4Wireless believes the problem is actually fairly small. "I believe this hardly ever happens," he told IT Pro.

"Operators have inside information on who's sending what, as all SMS traffic goes through them and is therefore monitored. If they want, they can simply ask phone manufacturers to fix it."

A bigger threat, he believes, comes from malicious attacks via Bluetooth wireless technology. "SMS is monitored, but Bluetooth is point to point so much more open to attack," he warned.