London, 9 May 2013 – AdaptiveMobile, the world leader in mobile security, today reveals a growing web text phishing scam targeted at consumers in Western Europe. As part of the company’s Ongoing Threat Analysis (OTA), which reports on global mobile security threats, it has uncovered a sophisticated scam where European subscribers were tricked into giving their operator portal login information, allowing scammers to send thousands of costly international messages containing spam from their accounts. AdaptiveMobile tracked the first instance of this attack 18 months ago and the threats lab has monitored a steady increase since.
Scammers first sent thousands of SMS phishing messages asking subscribers to click a link to log in to their operator’s online portal where they could access a promotional offer.
Upgrade your [redacted] account to make unlimited free calls to any network click on this link http://[redacted].com/online.htm or copy and paste into your browser
After clicking on the link and submitting their account details via the fake portal, users were redirected to their operator’s legitimate website as if an error had occurred. However, by that time scammers had captured user login information which they then used to send thousands of spam SMS messages across the globe. Affected users were then billed for the international messages after their free allocation was exhausted, in some cases resulting in charges of thousands of Euros.
“Scammers are incredibly persistent and will continue to look for alternative methods for distributing SMS spam without getting caught,” says Ciaran Bradley, VP of Handset Security, AdaptiveMobile. “This threat is particularly worrying for operators looking to retain customer loyalty and trust not only because users had fraudulent activity on their account but also, by imitating them, spammers associated them with the scam. On top of this it cost them significant amounts of money in international termination charges and having their fraud teams investigate the issue.”
The hacked accounts were used to send spam texts promoting lotteries or fake promo scams, for example:
Your mobile has won 330,000 AUD in Nokia/freelotto.ref No: NFL964. To claim send your name email and mobile to Nokiaconnect@[redacted].com tel:+4470[redacted]
Spammers made money through advance-fee fraud by asking ‘winners’ to pay a handling fee in order to claim their prize.
“While many operators have measures in place to combat SMS spam it is important that they are aware of how spammers are diversifying, particularly with compound threats like this one that combine a number of stages and multiple bearers, so they can protect their customers and themselves,” concludes Bradley.