A new scamwhich exploits the classic smishing mechanism (or SMS phishing), has been reported by users, many of whom are currently receiving fake messages promising earnings up to “one thousand euros” and directly to the “Amazon account”.
But let’s see how the scam works and how to defend yourself
The new scam reported
The reported scam starts with sending an SMS, with the sender “income ext“. The text of the message reads:
“You have been assigned an Amazon account – just for a few days! Invest from €200 and earn up to €1,000 a month”.
The text message then ends with an invitation to click on a link to get more information. However, it is a scam (very similar to that of the fake job offer: reported here), which exploits the classic smishing system (similar to phishing but different: here to learn more about how it works and how to defend yourself).
Indeed, once you click on the external link, hackers are able to take control of the electrical device with which you are browsing (smartphone, tablet or PC), taking possession of all the sensitive data stored. In this way they can access private profiles, current accounts, personal passwords. In a few minutes, therefore, the user who is a victim of the scam could find himself robbed of everything.
What is smishing and how to defend yourself
Lo “smishing” is an attack on computer security carried out via text messages – also known as SMS phishing – and is a variant of phishing, i.e. a deception attempt by which victims are induced to provide sensitive information (for example by referring to a site that appears reliable but which is actually a fake reply that uses the name of an institution, a bank or an important and recognized body). Very often, for example, you are referred to sites that resemble those of the INPS, or of the Italian Post Office or the Agenzia delle Entrate, asking you to fill in forms to block accounts, credits or bonuses that do not exist (we told you about here).
SMS phishing can be assisted by malware or fraudulent websiteswhich means that it is not always necessary for the victims to provide their personal data, but just clicking on the corrupted links will allow cyber criminals to take control of the device (and therefore steal all the stored information).
Deception and fraud are the main components of any SMS phishing attack. Because the attacker assumes an identity that tends to be trusted.
There are a few things to keep in mind though that help protect yourself from these attacks:
- Do not answer. Responding requests such as sending “STOP” text messages to unsubscribe can also be a trick to identify active phone numbers.
- Do not rush. Urgent account upgrades, limited-time offers, and urgencies are often used to disguise smishing. It is therefore always important to remain skeptical and verify the validity of the message.
- Call directly if in doubt. Legitimate institutions do not request account updates or login information via SMS. In addition, any urgent notices can be checked directly on the official online sites or via a telephone helpline.
- Avoid clicking on links or contact information in the message.
- Never keep credit card numbers on your phone. The best way to prevent financial information from being stolen from a digital wallet is to never put it there.
- Use multi-factor authentication (MFA).
- Never provide a password or data via SMS.
