Written by Zachary Blenden
Mobile devices are being aggressively targeted by cybercriminals during the COVID-19 pandemic with crafty smishing campaigns. In a smishing attack, the cybercriminal sends a text message containing a malicious link. If the recipient clicks the link, the mobile device may be infected with malware or the recipient may be prompted under a ruse to enter sensitive information such as account passwords. In recent COVID-19 smishing campaigns, cybercriminals pretend to be equipment supply companies, popular streaming services, and government or healthcare organizations, among others. The text messages are usually delivered from a standard US phone number and contain information that is meant to lure the victim into clicking a link and ultimately providing sensitive information or downloading a malicious file.
The following image shows a coronavirus-themed SMS that is typical of what we routinely see. These messages may have different themes or content, but will primarily consist of the same 4 components:
Recent smishing campaigns include offers of free Netflix Premium or other online streaming accounts, advertisements of sought-after hygiene products (e.g. face masks, hand sanitizer, toilet paper) or survival equipment, and impersonations of loan officers or the IRS informing the recipient that they are eligible for a stimulus check or loan.
Some media and research outlets suggest that there has been a shift in the context of smishing campaigns that correlates with the progression of the pandemic. For example, in the early stages of self-quarantine and lockdown measures, many campaigns centered on messages offering free premium streaming subscriptions or coupons. More recently, with stimulus efforts underway, campaigns have shifted to financial relief, loans, or stimulus checks/promotions.
Cybercriminals will continue to capitalize on the pandemic and adapt tactics to take advantage of the latest developments. We expect to see more smishing attacks, and more well-crafted ones, emerging from actors who see a unique opportunity in this environment.
About the Author
Zac Blenden is a Threat Intelligence Analyst at Q6 Cyber with a focus on cybercriminal communities and activity. Prior to Q6, Zac was a Penetration Tester and Threat Intelligence Analyst.