Week 46: How fraudsters bypass providers' SMS filters

19.11.2024 - Phishing using text messages has increased significantly in recent weeks. A wave of text messages demanding payment of bogus parking fines is now being followed by messages about fake parcel deliveries. Interestingly, these text messages no longer come in the standard form of an SMS, but via RCS, a protocol mainly used on Android devices, or via iMessage, Apple's text messaging service. This allows fraudsters to bypass mobile phone providers’ SMS filters.

Bogus fines from the driver and vehicle licensing office

Over the past two weeks, the NCSC has received numerous reports of text messages claiming that the recipient has not paid a parking ticket or speeding fine. The recipient is pressured in the message to click on the link provided and enter personal data. The link takes the form of a ‘link shortener’. These links are often used in text messages to save space, but have the disadvantage that it is not clear which page the link ultimately leads to. In the current cases, the link first leads to a phishing page where credit card details are requested.

RCS message demanding payment of a bogus speeding fine

Text messages giving notice of parcel deliveries

The second case is a familiar text message scam that has seen an upsurge in frequency over the past week. These are messages claiming that a parcel cannot be delivered or that customs duties are due on a delivery from abroad. These scams have been around for years. There are two variants: one variant involves classic phishing; the other leads to a ‘subscription trap’, where victims take out a useless subscription and quickly find that their account has been debited several hundred francs. Here, too, attackers have increasingly been using Apple's iMessage service in the past week.

Fake notice about a parcel via iMessage

Rich Communication Services (RCS) - The fraudsters' new distribution channel that bypasses SMS filters

It is striking that neither of the above-mentioned variants is now being sent by standard SMS; instead, they are sent via the RCS system or iMessage. RCS has a long history: it is a mobile telephony communication standard that was developed back in 2008 as a replacement for the Short Message Service (SMS), but has yet to become widely used. The service is mainly used on Android devices, as Google has been promoting it for several years. In September 2024, however, Apple also implemented RCS in iOS 18, which should give the service a further boost. RCS works in a similar way to WhatsApp, but does not share the address book with the provider. In contrast to SMS or MMS, where each message is charged for separately, with RCS or iMessage users only pay the data costs. However, fraudsters are probably using RCS for another reason: in 2022, Swisscom, Salt and Sunrise introduced an SMS filter. This SMS filter is dynamic, automatically and anonymously checking several million SMS messages every day for certain criteria, such as dangerous links. Fraudsters bypass these filters by using RCS or iMessage. The fraudulent text messages thus reach the potential victims unchecked, which may also explain the sharp rise in reports in the last two weeks.

Recommendations

  • Ignore such text messages;
  • Never enter sensitive data such as credit card details or passwords on a page that you have opened via a link in a text message;
  • The same goes for e-mails;
  • Be particularly careful with shortened links. Check whether you have really landed on the right page.
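For analysts handling reported messages, the following sketch shows one way to see where a shortened link leads without opening it in a browser. It is an added example, not NCSC code; the hosts, the `SAMPLE` table and all function names are constructed for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 10  # assumption: give up after this many redirects

# Constructed redirect table standing in for the network (placeholder hosts).
SAMPLE = {
    "https://short.example/x7": (302, "https://hop.example/r?id=1"),
    "https://hop.example/r?id=1": (301, "/fine/pay"),  # relative Location
    "https://hop.example/fine/pay": (200, None),
}

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # make urllib raise instead of following the redirect

def head_fetch(url, timeout=5):
    """One HEAD request, no body download; returns (status, Location)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # unfollowed 3xx lands here
        return err.code, err.headers.get("Location")

def sample_fetch(url):
    return SAMPLE.get(url, (404, None))  # offline stand-in for head_fetch

def resolve_chain(url, fetch=head_fetch):
    """Return every URL visited, from the short link to the final page."""
    chain = [url]
    for _ in range(MAX_HOPS):
        if urlsplit(chain[-1]).scheme not in ("http", "https"):
            break  # never pass non-web schemes to the fetcher
        status, location = fetch(chain[-1])
        if status not in (301, 302, 303, 307, 308) or not location:
            break  # reached a page that does not redirect further
        nxt = urljoin(chain[-1], location)  # resolve relative redirects
        seen = nxt in chain
        chain.append(nxt)
        if seen:
            break  # redirect loop
    return chain

if __name__ == "__main__":
    for hop in resolve_chain("https://short.example/x7", sample_fetch):
        print(hop)
```

Only HTTP-level redirects are visible this way; pages that forward via JavaScript or a meta refresh need a sandboxed browser. Run live lookups from an analysis machine, since any request to the link is visible to whoever operates it.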

Last modification 19.11.2024


https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2024/wochenrueckblick_46.html