Members
  • Total Members: 12818
  • Latest: martin
Stats
  • Total Posts: 28534
  • Total Topics: 8240
  • Online Today: 1027
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: SMS Phishing Campaign Spreads in China  (Read 348 times)

0 Members and 1 Guest are viewing this topic.

Pez

  • SCF VIP Member
  • *****
  • Posts: 723
  • KARMA: 116
  • Gender: Male
  • Pez
SMS Phishing Campaign Spreads in China
« on: 15. February 2016., 23:17:54 »
SMS Phishing Campaign Spreads in China

Phishing messages and fake websites for stealing users’ credentials are a common occurrence. Recently, however, mobile banking users in China are facing a new wrinkle: phishing texts that appear to come from a major bank’s official number.

The GSM standard is not a secure network because the authentication between mobile phone and network goes in a single direction: The network checks the legality of the client, but client does not check the network. An attacker can take advantage of this to send mass text messages to mobile devices from a fake base station. For more information, check out the following: https://www.twelvesec.com/using-gsm-tester-intercept-calls-sms-pt1/

The following two screen captures of SMS text messages appear to come from the service number of a well-known bank in China:



The messages warn that a mobile bank account will become unavailable, and lead the potential victim to fake websites.

The bogus site pretends to be the web interface of the bank and “requires” users to input bank account, password, and mobile phone number to register the mobile phone’s bank features. The following images show the fake interface (left) and the legitimate interface (right) of the bank.



If a victim delivers the bank account, password, and mobile phone number, an attacker is much more likely to steal money from an account.

If a victim delivers the bank account, password, and mobile phone number, an attacker could at least access the account and steal information. (The attacker might not be able to withdraw funds because a one-time password is necessary.)

The key to this threat is that the SMS texts appear to come from the bank’s official number. This is an important point because most people trust messages that appear authentic. Unfortunately, this kind of message can be forged with a fake base station and an SMS mass-sending tool.

When a user enters an area where the fake base station’s signal is stronger than the real base station’s, the fake station will send SMS messages to the user’s device. This fake base station could be in a house or a moving car. In China, buying the equipment to set up a fake station is inexpensive.



Threats vary considerably. In this case, you need to question even official phone numbers, websites, and other apparently authorized sources to avoid being cheated.

To check if your device is connecting to a fake base station, try the following:

• Call a provider’s service number, for example, if you are a China Mobile user, call 10086 to see if you can reach it.

• Send a text message to your provider’s service number and wait for a text message response. For China Mobile, text 10086.

• If you don’t mind bothering a friend, text or call to see if you have a legitimate connection.


Intel Security, through McAfee Mobile Security, detects these malicious text messages as SMS/Smishing.D.


Original article: https://blogs.mcafee.com/mcafee-labs/sms-phishing-campaign-spreads-china/
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475

Samker's Computer Forum - SCforum.info

SMS Phishing Campaign Spreads in China
« on: 15. February 2016., 23:17:54 »




 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising