With COVID-19 a global issue right now, criminals and attackers of SMS fraud and cybercrime have increasingly taken to using it as a lure, sending SMS claiming to be from sources including the World Health Organization, governments, police forces, and many more. Action Fraud released a report in April that the UK reported fraud and cybercrime cases related to COVID-19 with a total value of USD 2.6 million. Meanwhile, the US Federal Trade Commission recently said that Americans have lost over USD 12 million to COVID-19 scams since January. To prevent this number skyrocketing, businesses and communities need to raise awareness regarding the risk of SMS fraud by first understanding some of the most common types of SMS fraud.

Spam: Annoying, yet harmless SMS with no purpose other than advertise products and services

Spam is defined as indiscriminate unsolicited messages sent in bulk without opt-in or authorization of the recipient. Spam appears in many forms, including email, forums, even from search results. However, the number of SMS spam is now significantly increasing as the overall rate of receipt grew by 300% from 2011 to 2012 (Cloudmark Whitepaper). Most SMS spam is annoying, but it is harmless. It serves no real purpose, other than to advertise a product or services. However, spam SMS can be triggered by hackers to induce people to handover their personal data and therefore will lead to fi0cial loss. If the number of SMS spam levels continue to grow, then customers will have difficulty in determining which SMS are genuine and may stop responding to any of the SMS they receive.

SMS Phishing: A social engineering technique, sending SMS to gain access to online system

SMS phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity. Cybercriminals can also send SMS phishing to trick victims into clicking a malicious link to steal their identities, empty their bank accounts or install malware on their phone. While impersonating as banks, healthcare agencies, or courier firms, attackers often inject a sense of urgency to frighten the victims into following instructions that might have raised suspicions if they have more time to think. If a suspicious SMS appears to impersonate your organization, you need to immediately report it to an anti-fraud SMS service and relevant authority.

SMS Malware: Attempt to access sensitive information through the installation of malicious software

All mobile devices are vulnerable to various threats and it will continue to grow year over year. SMS attacks involve the creation and distribution of malware by cybercriminals designed to cause the collapse of the system and loss or leakage of confidential information from the victim’s mobile device. This SMS malware can gain access to your mobile operating system and sensitive information through the installation of malicious software on a device without the victims’ knowledge. This malware disguises as an innocent app that acts silently in the background.

SMS fraud affects everyone, be it directly or indirectly. According to the Communications Fraud Control Association (CFCA) telecom fraud represented nearly USD 30 billion globally last year. Fraud persists because of a lack of awareness, a lack of inclination or a lack of ability to make any meaningful change to the system. By identifying the type of SMS fraud before implementing A2P SMS Indonesia, you have already taken the first step towards making positive changes and creating an ecosystem which is free of fraud.