America’s Android and iPhone users are under attack from a plague of dangerous text messages driven by organized Chinese gangs. The FBI has warned that such scams are sweeping the country “state to state,” and thus far no network or phone maker has been able to stem the tide. This is not getting better, it’s getting worse — much worse.
While undelivered packages and unpaid tolls have grabbed the headlines, it’s a different type of malicious text that has been described by the police as “the latest, fastest growing digital scam,” and which was highlighted by the FTC as a threat to Americans.
We’re talking wrong number lures, which have already been sent to tens of millions of Americans, with countless more sent every day. The intent of the text is to solicit a reply, to trick the recipient into a chat. The FTC warns these “often evolve into a conversation with romantic undertones that can lead to investment and other scams.”
If you haven’t been hit up by these texts yet, the chances are that you will. It might be a simple call out to a name you don’t recognize or it might tempt a reply with a lure such as “Hey Stacy, just making sure you’re still on to meet at 6pm. I’m heading there now,” to trick you into a well-meaning reply to let the sender know it’s a wrong number.
Other lures might include a doctor’s appointment, a social event, a funeral, a hospital visit, a message after a long absence, anything to solicit a reply. This is pure social engineering, the itchy texting fingers we all have. The texts will usually start with a name that isn’t yours. The intent is to be clear it’s a wrong number from the start.
The goal of the text often isn’t to lead into a conversation of any kind — all the attacker needs is for you to reply, to reply with anything, and they hit their target. Your phone number is included in multiple databases that are held overseas by the organized criminal gangs behind these operations. Wrong number lures are a powerful way to confirm your number is active — the text goes through — and the user is willing to reply.
If you do reply, an unrelated attack will follow. Not necessarily straight away, but soon. And it won’t just be one further attempt, the gangs have multiple different ways to try to trick you into clicking a link, giving away your passwords, your financial information, and potentially even your identity. This is fraud on an industrial scale.
McAfee warns “these messages may seem harmless, but they’re often the first step in long-game scams designed to steal personal data — or even life savings. McAfee research shows 1 in 4 Americans have received one. Best advice? Don’t engage.”
The power in this approach is the message itself doesn’t seem to ber a scam. As Bitdefender says, “these texts though are not so obvious from the beginning, with no red flags such as suspicious links or mentions of you winning a prize.”
The FBI has warned that “though they’re posing as regular people who entered the wrong numbers on their phones, the scammers who run fake wrong-number text scams use extremely sophisticated technology to commit their crimes.” The bureau tells users to report these scams to www.ic3.org and to “delete any smishing texts received.”