SMS Gateways Allow Cybercriminals to Flood Phones With SMS Phishing Messages For Just €0.004 ($0.0044) Each
January 2024 by SlashNext
Our team has been investigating the latest services and infrastructure available to cybercriminals for orchestrating SMS phishing campaigns. After analysing cybercrime forums, it is clear that SMS gateways are currently a highly popular method, thanks in no small part to the minimal cost. With these SMS gateways, cybercriminals can send hundreds of thousands of SMS phishing messages for as little as €0.004 each. In our recent State of Phishing Report, we found a 1,265% increase in malicious phishing messages across all mediums, and 39% of mobile-based attacks were SMS phishing. No doubt, the widespread availability of these services is contributing to that increase.
SMS Message Gateways
Today’s smartphone users are vulnerable to SMS phishing attacks. An examination of cybercrime forums reveals that cybercriminals have easy access to SMS gateways capable of sending large volumes of text messages. This enables mass SMS spamming, which allows phishing attacks and scams to reach people’s phones quickly and repeatedly.
SMS Spam Gateway
These gateways allow anyone to sign up for a small fee and send an unlimited number of SMS phishing messages to any phone number they want. In effect, these gateways provide an HTTP interface that is linked to a session initiation protocol (SIP) trunk, which is a virtual phone connection that allows a business to make multiple voice calls over a single internet connection.
SMS Messaging Gateways
To remain anonymous, the individuals operating these services simply purchase access to SIP trunks from providers who accept cryptocurrency. Alternatively, they compromise them. According to our research, millions of SIP-enabled devices are directly connected to the internet and accept incoming traffic from all IP addresses. In fact, there are threads on cybercrime forums and networks that share information about auditing SIP itself. It would not be unreasonable to assume that many SIP trunks have been compromised.
SMS Cybercrime Forum
During our research, we also discovered that many users are attempting to purchase direct access to SIP trunks from other cybercriminals rather than going through one of these accessible gateways.
This is most likely because many gateway providers require a minimum deposit that is higher than what criminals would have to pay if they ran their campaigns directly on their own infrastructure.
One-Time Password Bots
Another intriguing feature we’ve noticed with these gateways is integrated one-time password (OTP) bots. To provide two-factor authentication, many online services use one-time passwords sent via SMS text messages.
To circumvent this security measure, cybercriminals use automated OTP software bots that intercept SMS messages and extract one-time codes. Typically, OTP bots are sold as standalone software.
However, some SMS gateways directly integrate them, making it easier for criminals to bypass two-factor authentication when conducting phishing campaigns and account takeover attacks.
OTP bots for sale
By creating an account on one of these gateways, attackers gain access to a diverse set of tools for SMS and voice-based attacks.
Zero Days And iMessage
Although there are ongoing discussions about exploiting iOS and iMessage, many of these conversations appear to be centred on sharing proof-of-concepts for vulnerabilities that target outdated versions of this software. The use of low-cost gateways appears to be the most popular method for orchestrating an SMS phishing campaign today.
Cybercrime Forum POC
Cybercriminals simply require a large amount of data containing telephone numbers, which is trivial to obtain, whether they hack it themselves or buy it from someone on one of these networks, and then create an account on one of the multiple gateways available.
Cybercrime Forum Sell Cryto Leads
Image: A user on a cybercrime forum selling 7 million cryptocurrency leads for $200
They can then effectively plan large-scale SMS phishing campaigns. This method, as described above, is far more common than the widespread exploitation of zero-day vulnerabilities in relevant software, because of its lower entry barrier and efficacy.
Protection With SlashNext Mobile Security
To prevent SMS phishing attacks, we offer a mobile security solution. Our platform is designed to safeguard against a variety of mobile phishing threats, including SMS-based scams. We provide real-time threat detection, ensuring a secure mobile experience.
Features include safe preview, detailed threat information, support ticket submission, and automated notifications, all while maintaining minimal resource usage. This protection is ideal for business and personal use, ensuring your mobile devices are secure against sophisticated phishing attacks.