Cyber criminals target COVID19-related SMS messages for cyber attacks

Governments and global institutes of repute are using SMS messages to disseminate authentic information about COVID19 to citizens

New Update
AI in pandemic management

The spread of the novel COVID19 pandemic is providing cyber criminals with novel methods to orchestrate crimes. As governments and citizens around the world use innovative tools to fight the spread of the disease, cyber criminals have found a global opportunity to attack these very tools for their own gain. The latest being the SMS-based text message scam.


Efforts to keep citizens informed with authentic information

There is a lot of emphasis on providing citizens with authentic information. This is with a view to arrest the spread of disinformation and prevent citizens from falling prey to the tactics that cyber criminals use. To keep the citizens informed of the on-ground activities and a slew of initiatives being taken to contain the spread of the Coronavirus, governments and reputed institutions are using official accounts on social media. They are urging citizens to rely only on the information from official and reliable sources.

Further, there are many other apps that help allow people to learn about the status of people infected in their nearby area. The government of India has made it mandatory for its citizens to download Aarogya Setu - it’s contact tracing app.


The SMS trap

Apart from social media, apps, and broadcast messages, governments are using SMS based text messages to keep the citizens informed. However, cyber criminals have found an opportunity to exploit unsuspecting citizens in these SMS campaigns as well. They are increasingly using SMS as a vector to disseminate spam and phish out personal details of the recipients.

The fake SMS messages resemble genuine messages. This makes it difficult for recipients to identify fake messages from the real. A fraudulent SMS message would include a link and a context to trick people into clicking the link. For instance, a fake message would inform the recipient that new COVID19 testing centers have been opened in their city. The message would further advise the reader to click the link to find a testing center near her. Another example of a fake SMS message is where readers are advised to share their details through the link to learn if they have come in contact with an infected person.


Steal information, plant malware and ransomware

Once the link is clicked, there are a myriad of ways cyber criminals can leverage this opportunity to scam the user. The link may redirect the reader to a form where readers must share their personal details. The link, when clicked, can download malware on the device to steal the data contained therein. It could even be a ransomware that may lock the reader’s device which would need them to pay a ransom amount to have the device unlocked.

Irrespective of the attack vector, the underlying intent of the cyber criminals remains the same--to steal or phish out personal details of the readers and compromise the device. These personal user details provide cyber criminals with the building blocks to execute fraud in many forms. They can impersonate genuine users, take over their accounts, and even use their digital identities to mask their own financial crimes.


Look out for signals of a possible scam

As mentioned before, it is difficult to tell these fraudulent messages from genuine messages. That said, it’s not impossible. A little vigilance can help spot identify scam attempts and prevent falling prey to them. Remember, governments do not request for personal information. Therefore, when asked for personal information, credit card details, or any other piece of information, be wary. These are the key signs of a possible scam.

The article has been written by Neetu Katyal, Content and Marketing Consultant


She can be reached on LinkedIn.