Wednesday 15 June 2016

Text scams: The messages that allow criminals to break into your iPhone, and how to spot them

Mobile phones are increasingly becoming the most important part of people’s work and social lives – which means they’re more and more vulnerable to attack

The next text message you receive could ruin your life.

Increasingly, SMS messages are being used as a way of duping people into giving up their online accounts, and out of their identities and their money.
Many of those messages arrive looking perfectly innocent, and even useful. But they could be incredibly dangerous – and so it’s important to make sure to know how to spot them.

One of the major problems with such scams is that it is now relatively easy to pretend to be someone else, over text. The technology that powers texts allows people to put custom names in when they send messages – allowing people to easily pretend to be Google, Apple or anybody else.

iCloud scams


One of the more recent scourges coming over SMS are iCloud scams. They aim to trick people into giving up the password that they use to get into their Apple account – and, once hackers are into that, then they can easily get your bank account details, your location, and more scary stuff besides.
Most of these notifications just work like traditional phishing scams, where cyber criminals pretend to be a company so that users send them details. But because they are done through the very personal but notoriously sketchy technology of SMS, they can be easy to spot.

It isn’t clear why there has been such a huge amount of these in recent months, but reports of them definitely do seem to be surging. The advice is the same as traditional phishing: responsible companies will never ask you to reply to a message with your personal details, or tell you to click on a dodgy link, so make sure that you always only give your information to official websites and be careful that you are.

Two-factor authentication

Another more new development is tricks that try and get around the two-factor authentication that many products now have built in – and which, for the most part, serves as a big problem for people breaking into your account. That's why it's also become such a security risk.

Two-factor authentication works by attaching a phone number to a person’s account. When they try to log-in, it will send a unique code to that phone number, and that has to be typed into the site. It’s built to foil people who steal passwords and then use them to get into accounts, because it requires physical access to the phone; and that’s why people are now trying to get around it with scams.

One highlighted this weekend shows a message that claims to be from Google and tells people that their account may have been hacked. If they want to have it shut down, it says, they need to reply to the message with the 6-digit verification code that they are about to receive.