Are you sure?

Cell phone phishing target Hungarian mobile users

A cell phone phishing scam already widely detected in India has reached Hungarian mobile subscribers.  Attacks combining voice (mobile and internet telephony), SMS and traditional e-mail were first detected about 3 years ago.

VirusBuster experts have captured an interesting SMS message. The text, sent from a Bulgarian number to a Hungarian cell phone, was as follows:

"Congratulations, you have just won one million pounds on the o2 mobile promotional lotto. Contact Dr. Matt West on email: [drmatwest_kukac_live_com] for claim of funds."

Never believe such messages. If you do, the result will be disappointment or worse. You may try, for example, call back the sender. But beware: chances are high that the number gets redirected to an expensive pay service. If you decide to write to "Dr. West", in his reply he may ask you to transfer a certain amount to a given account, just as a kind of guarantee for the lottery procedure. Or you may just get added to his e-mail address list, which, most probably, will provide you with loads of spam. And those spam messages could carry malware as attachment.

According to VirusBuster's experts, the SMS attack which reached Hungary can be traced back to India. The Asian country's leading business daily, the Business Standard, published an article about it months ago. The messages mentioned in the newspaper, many of which can be found in reader comments to the article, are very similar to the one quoted above.

Attacks combining voice (mobile and internet telephony), SMS and traditional e-mail were first detected about 3 years ago. Since then, they have become so widespread that they even got a name: "vishing". The term was coined from the words "voice" and "phishing". Cybercriminals use the technique to get data from their victims.

What kind of information are they after? The range is wide. Some may hunt for no more than e-mail addresses, but others would press for internet banking login details. Some messages are composed in the name of a fictitious important person, such as a high-ranking official, to lure readers into sending money to an account, so as to receive a nice sum (maybe a heritage) in return. Since this latter trick first appeared with a Nigerian connection, these kind of messages are called the "Nigerian scam".

Who falls in the trap? Many, it seems. According to the estimates of market research company Gartner, phishing-related losses reached $2.8 billion worldwide. The average victim lost $257 in 2005, but already $1,244 one year later.

Of the many tricks used by cybercriminals, vishing has become particularly widespread in India. Why? The reason is obvious. Each month, almost 8 million new subscribers join the huge country's cell phone market, and SMS is a service used by practically everyone.

Of course, the scam is not for India only. Early this year, for example, the FBI's Internet Crime Center reported several vishing cases. Now it seems, Hungary is catching up...