Free call

SMS scams: How you can protect yourself from the most common messenger scams

19. July 2023

Have you ever received a suspicious message on your cell phone? You are not alone. Fraud via messenger services is a growing threat in our digital world. As the popularity of these platforms increases, so does the number of scammers using them as a means of ripping off innocent users. Florian Hansemann, founder of HanseSecure and renowned cyber security expert, explains how these scams work and how we can protect ourselves against them in a report by Kabel 1 – K1 Magazin.

Florian Hansemann - IT expert from Munich

How messenger fraud is on the rise

Messenger services such as WhatsApp, Telegram and Signal are an integral part of our daily lives. They allow us to communicate quickly and easily with friends, family and colleagues. But this convenience also has a downside. More and more fraudsters are using these platforms to trap innocent users and defraud them.

Florian Hansemann, also known as a professional white-hat hacker, warned of the dangers of clicking on unknown links in text messages. “You click on something and you end up on a page you don’t want to end up on,” he warned on TV. These seemingly harmless actions can lead to fraudsters gaining access to personal information, which they can then use for criminal purposes.

Over the last two years, the police in Berlin have seen a dramatic increase in reports of messenger fraud. Whereas two years ago there were only 64 reports in the whole year, today there are 500 reports per month. This underlines the urgency of the problem and the need to be aware of the risks and take appropriate protective measures.

The three most common scams and how to protect yourself against them

Scammers are constantly on the lookout for new and creative ways to deceive their victims. In the following, we will take a closer look at the three most common scams that are spread via messenger services and present advice from experts on how to avoid these scams.

Scam 1: The parents’ trick

Beware of such messages - example of a parental trick

The first and most popular scam is the so-called “parent trick”. Parents receive a message purporting to be from their child, who claims to have a new phone number. The message asks the parents to make an urgent payment as the child allegedly cannot access their bank account.

Peter Giesel, an expert on rip-offs at Kabel Eins, advises: “My most important tip is to call back on the old number, if it really has been disconnected and cannot be reached, then it could possibly be true. But make sure in any case, do a cross-check.”

Tips for avoiding the parents’ trick:

  • Be skeptical if you receive a message from an unknown number claiming to be your child.
  • Contact your child via the old number or another trustworthy communication channel to confirm the authenticity of the message.
  • Do not allow yourself to be pressured into making immediate payments. Fraudsters often use urgency to deceive their victims.

Scam 2: The customer SMS

A fake message via SMS

The second scam involves a seemingly harmless customer text message. These messages pretend to come from a trustworthy company and ask the recipient to click on a link to update their data. However, this link often conceals malware.

Florian Hansemann warns: “In the worst case scenario, we end up on a website where we download a virus directly and the phone is then hacked. This means the attacker has access to your chats, your bank details, everything you enter and, in the worst case, can even activate the microphone.”

Tips for avoiding the customer SMS scam:

  • Do not click on links in SMS messages, especially if they come from unknown numbers.
  • Check the authenticity of the message by contacting the company in question directly via a trustworthy contact channel.
  • Install a trustworthy security app on your smartphone that can protect you from malware.
Statement from DHL on the customer SMS scam

Scam 3: The donation scam

The third scam is particularly insidious, as it exploits people’s willingness to help. Donation campaigns are often organized after natural disasters or other major events. Fraudsters use this opportunity to send out fake appeals for donations in order to get the money from gullible donors.

“Unfortunately, it’s always at this time of year that scammers pop out of holes everywhere and want to get involved somehow,” warns Peter Giesel. Florian Hansemann adds: “If we click on the ‘Donate’ button now, we end up on this crypto page. That means we have to transfer money to a crypto wallet and it’s pretty anonymous. In the end, the money is simply gone.”

Tips for avoiding donation fraud:

  • Be careful with appeals for donations that are sent via messenger services or text messages.
  • Check the authenticity of the donation organization before you make a payment.
  • Avoid payments to unknown crypto wallets or other anonymous payment methods.
  • If you would like to donate, do so directly via the charity’s official website or a trusted donation portal.

How scammers get our phone numbers and how we can protect ourselves

Every time we sign up for an online service, leave a comment in a forum or post a classified ad, we leave information that can be used by scammers. One of this information is our phone number, which is often used for scams via messenger services.

Hansemann explains that fraudsters often take phone numbers from online classifieds. “Every online user leaves a digital footprint,” he says. “Fraudsters can use this information to carry out their scams.”

But how can we protect ourselves against such threats? Here is some advice from Florian Hansemann, Dr. Marc Maisch and the experts at HanseSecure in Munich:

  • Be careful with your personal information: Only give out your phone number if it is absolutely necessary. Think twice before you enter your number in online forms or on social media platforms.
  • Use privacy settings: Many online services and social media platforms offer privacy settings that allow you to control who can see your personal information. Make sure that your phone number is only visible to trusted contacts.
  • Be skeptical of unknown callers or messages: If you receive a call or message from an unknown number, be careful. Do not disclose any personal information and do not click on unknown links.
  • Keep your devices and applications up to date: Many fraudsters use security gaps in outdated software to gain access to your devices. Make sure your devices and applications are always up to date.
  • Use security software: Install trusted security software on your devices. This can protect you from malware and warn you if you access a dangerous website.

The role of payment service providers and the need for protection mechanisms

Statement by the Federal Network Agency

The ease with which a fundraising campaign can be created today carries risks. Using tools to clone official websites, fraudsters can create a convincing “donation campaign” within half an hour, which at first glance looks like a legitimate initiative from organizations such as PETA or WWF. In such cases, it is essential that payment service providers take action and take measures.

Payment service providers such as PayPal play a crucial role in digital payment transactions. They enable fast and convenient transactions, but can also be misused for fraudulent purposes. Hansemann points out that fraudsters often use well-known payment service providers to create an impression of trust.

There is an urgent need for stronger protection mechanisms and legal regulations to protect consumers from such scams. Payment service providers should take more responsibility and take effective measures to detect and prevent fraudulent activities.

A simple identity check when creating a donation campaign could nicely deter a large proportion of fraudsters. In addition, legislators should enact stricter regulations for digital payments and ensure that consumers are adequately protected in the event of fraud.

Statement from PayPal

Conclusion

Fraud via messenger services is a growing threat that needs to be taken seriously. It is important to be aware of the various scams and to be cautious when receiving messages from unknown numbers or being asked to make payments.

Florian Hansemann and his team at HanseSecure offer valuable advice on how to protect yourself from such scams. This includes questioning messages that come from unknown numbers, checking the authenticity of donation organizations and updating devices and applications to be protected against malware.

Education and awareness of this type of fraud is crucial. It is important that we all do our part by informing ourselves, acting with caution and educating others about the risks.

You can watch the full Kabel 1 report on the SMS rip-off here.

Expert for cyber security - Florian Hansemann

You are currently viewing a placeholder content from Facebook. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.

More Information
Unblock content Accept required service and unblock content

Similar posts

Offensive Security Certified Professional Experience / OSCP Review

Today I would like to share my experience with OSCP from the guys at Offensive Security. Why OSCP? There are [...]

Read more

11. August 2017

New InfoSec Team spawned: BreachedSec

I decided to set up a new team of infosec professionals, because of a lot of project requests and my [...]

Weiterlesen

25. October 2018

HanseSecure as one of the top 21 – twice

It’s funny that two independent companies name the “21” cybersecurity and redteaming resources in the world. But I appreciate being [...]

Read more

8. July 2019

Podcast at Tech Data

I had a lot of fun with an anniversary edition of the podcast “Ones & Zeros, IT Simply Explained” at [...]

Weiterlesen

25. August 2020