I know it's a scam. It's been well documented that this sort of thing is doing the rounds... but what doesn't seem to be so well documented is what I'm supposed to do with it.
For those that don't know, this is what's known as a phishing scam. Or, seeing as it's sent via SMS message, a smishing scam. In any case, the key fact is that it's basically an attempt to commit fraud.
When someone falls for it they click on the link contained in the text... which takes them to a website that looks exactly like a corporate, Apple website.
It's a very convincing clone... and if you'd clicked on the link believing the message to be genuine, there isn't really any reason to suspect that it's not legit when you land here.
So I imagine plenty of people end up surrendering their Apple ID and password to the crooks responsible.
In some cases that would give them the ability to spend your money.
I used easily.co.uk to see what I could see about who had registered the domain icloudauditing.co.uk... and when. This is what I found...
As you can see, it was registered via internet.bs on May 14th 2016. That's today.
Using a site with a dot BS domain seems rather fitting, although it turns out that the BS actually stands for the Bahamas.
It claims it was registered by someone called Peter Dawson although I'd be highly surprised if they were foolish enough to use their real name.
I don't really know, but from the outside looking in, I reckon it's fairly likely that a Peter Dawson has paid for it... it's just he's someone who'd fallen for the scam previously and is, as yet, unaware that his account has been compromised...
If the text had come from a number I'd know how to report it.
But it doesn't. It comes from an account called 'WARNING'. It's impossible for me to reply to. Or to block. Or, it seems, to report. Apparently the only course of action available to me is to delete it.
Which doesn't seem very satisfactory to me. It's not very community minded, for sure.
If someone tried - but failed - to mug me in the street, I can't imagine many people advising me to just ignore it. Because surely they're the sort of person who'll move on and try and mug someone else. Surely we should report attempted crimes, not just successful ones.
But that doesn't seem to be possible when someone tries to mug me via my phone. Ignoring it and deleting the text is, I'm told, the only thing to do. I don't even have a way of preventing those responsible from sending me more of the same. It's only if I fall for it that people will do something.
When I get spam emails I know how to block them. Or how to block emails that are like them. I know that, even if an email is lying about where it came from, someone, somewhere is able to follow the chain and work out where it really came from. I assumed the same would be true with text messages.
It seems not. It seems it is possible for someone to send thousands - probably hundreds of thousands - of texts to people without anyone being able to unravel where they originate from. Is there a good reason for this route to my phone to exist? Is there a sensible way of shutting this path down? Are there buttons I could press that would mean I could only receive text messages from identifiable sources? If there isn't... um... why isn't there? I guess there might be a reason. Is it achievable? Wouldn't fewer people end up getting defrauded if it were?
I know a handful of vulnerable people who would absolutely fall for this. Certainly I know one person who's fallen for a similar scam that arrived via email. It just seems a little odd to me that the phone companies provide this route to us - but don't have departments devoted to preventing this sort of abuse of the system.
Have I been given bad information or is there genuinely nothing for the community minded soul to do about this?
23 comments:
Nominet (the .uk registry operator) have been aware of this phishing scam for at least a couple of weeks, but don't seem to be interested in doing anything about it :(
A large number of disposable Apple related domain names are being registered through internet.bs (a Nominet accredited channel partner!) and used in these SMS phishing messages.
You could try to email abuse@internet.bs, but I suspect that they won't be interested - generally registrars take the opinion that they aren't responsible for the content hosted on domains. The domain itself is violating trademarks though, so that could get the registration suspended (registrars can lock a domain if they suspect illegal activity, which will stop it working).
Also, internet.bs (much like Nominet) are almost certainly already aware of this, but are happy to keep pocketing the money. :(
The icloudauditing.co.uk web site is being hosted by UK2, so an email to abuse@uk2group.com will hopefully get the web site suspended.
Sadly, it's a game of whack-a-mole - as soon as one is shut down, several more spring up!
Finally, you can also forward the SMS message to 7726 (see http://consumers.ofcom.org.uk/phone/tackling-nuisance-calls-and-messages/marketing-texts/) for your mobile operator to investigate.
You may find that your phone will allow you to block texts from sources outside your contacts, or a subgroup of trusted friends. I haven't tried, but it can certainly be done for calls...
Worth a look anyway.
Good luck.
Pod
Similar things happen offline with things coming through your letter box - fake charity bags and the like. You can't stop either I suppose.
I was chatting with a Year 7 class this week about how to trust the web, and they came up with a 5 star rating system applied to websites to give an indication as to its trustworthiness, which they would be compelled to display, like a hygiene rating.
I'd suggest trying to contact Apple to let them know someone is breaking copyright, trademark and intellectual property to commit fraud and damaging their brand and see how fast their lawyers get stuck in.
@Edward Dore - Thanks for that. You have information that I think my phone provider should have been able to furnish me with. I know that with all these things it's whack-a-mole... but if it wasn't possible to send a text without being traceable in some way it would go a long way to at least closing down this route.
@Pod I don't want to only receive messages from people I know. I don't even insist on me being able to see who has sent every message. I just think it's ridiculous that nobody can see who has sent a message. Traceability is all I'm suggesting.
I know I've received useful texts from both courier companies and my doctor's surgery who send them from some kind of no-reply service. I'm fine with that. But no-reply doesn't have to mean not-traceable. Those could be sent and if they were abused, there could still be a way of my phone provider following it up and identifying the computer it was sent from etc etc.
@Emma Spreadbury: there's not a lot you can do to prevent things coming through the letterbox - unless you happen to be there when it happens - but it seems to me that this could be traceable, it's just apathy that means it isn't. Whether it's the phone company that actually responds, it seems like there ought to be some way of whack-a-mole whacking a bit quicker. If I call my phone provider, shouldn't they say, "forward it to us and we'll take a look"? And couldn't they have a direct line to Nominet to say "take this site down"?
I mean, once the right person knows about this happening they can turn the tap off. So all the companies who carry these messages need to do is set up a line of communication with the right people... and train their staff to respond to the information. The idea that the official advice to an attempted fraud isn't "tell us and we'll act to stop more people falling foul of it" but "there's nothing anyone can do" is just a bit silly.
It's probably Bono and when you put your details in - you'll download U2's new album
I keep getting one from iTunes saying it wants more than forty pounds for a game. I know that I didn't buy anything off them so I leave it be, but some people would fall for it.
Hi DG,
There's this nice guide that may help the community or at least worth sharing with friends and family.
http://www.moneysavingexpert.com/phones/stop-spam-texts
You can forward the text to "SPAM" for your network but I'm not sure how much help that would do. One hopes it would at least get blocked if enough people did it - which relies on getting the word out. You've more Twitter followers than me. (To be fair your cat has more than me, how is HRH?)
As far as I'm aware no one is able to trace Internet numbers. They often come from networks outside of the UK and it makes it untraceable. This is, at least, what the police told me when I was trying to rid myself of a rather persistent telemarketer using the Internet to call me throughout the day. On the back of this I posed a hypothetical scenario to the officer I was talking to: if you wanted to embark on a campaign of harassment and you opted to use an Internet service to make calls/texts, could they do anything about it?
Shockingly, the answer was no.
As for the site, as has already been said, it's a game of whack a mole. In my opinion the best thing we can all do is try to educate one another about these threats.
Hi Dave, I used to work very closely with the teams within telecoms companies who exactly deal with these kinds of frauds. Unsurprisingly, they are known as fraud departments, though telecoms tend not to advertise about this.
While the majority of the telecoms fraud department's scope is about preventing frauds perpetrated against the telco, more and more they are being brought in to help address the frauds against telecoms consumers.
You can call the customer service of your telco and either tell them about the text message and/or ask them to put you in contact with their fraud team. Depending on how good the fraud team is, they may/may not know about these fraudulent SMS until it gets reported.
Once they do know about it, they can typically trace the source of the SMS (usually a compromised network device on a foreign telco's network - called an SMSC) and stop messages coming from that device. The problem is that this would also possibly stop all calls and SMS coming from that network (imagine all calls from Verizon in the US not being able to get through to Vodafone in the UK) - so that solution is rather extreme.
Some telcos have the ability to filter SMS coming into their network according to certain rules (how frequently they come, their size, etc.) to minimize the worst of these, but this becomes very difficult with a good chance of filtering out benign text messages. It's likely made harder by laws that likely make it illegal to parse the substance/content of an SMS.
Depending how deep you want to go down the rabbit hole on this, esp. regarding the technology, this is a large/persistent problem that traces its roots to the fact that the telecoms environment does not function the way an IP-based environment does. It utilizes the architecture of a legacy telecoms environment known as SS7 (not by coincidence the network used to deliver SMS).
Because of how this environment is set up, telecoms networks are vulnerable to spam coming from *every other telecom in the world*. If the SS7 environment of a telco in Eastern Europe or Africa or anywhere else is compromised, that would make vulnerable the networks of any telco that interconnects with it.
And by their nature, all telecoms networks connect to each other. Which means if one of them gets compromised, it affects (i.e.: it can spam) every other telco in the world.
In a sense it's like having a compromised e-mail account that can then send out spam to every other e-mail account, only on a potentially larger scale, and in a much more obscure way that much fewer people understand. I've heard stories of fraudulent SMS' being sent basically to every single possible phone number in Greece, etc. from a single compromised system.
Contact me/reply if you want more information, though most of the detail I'd be able to provide would likely not easily be translatable into something funny... :P You can find more information about me here: http://www.fallingbeam.org/contact
(sorry, I accidentally deleted this comment previously)
The other problem is that even when it's not a compromised SS7 system but a paid-for SMS gateway, after some time you track it to being paid for by stolen card details, same as the domain. If you track the IP it may get you to someone that was sat outside a Starbucks using their wifi. And by the time you track any of this the accounts and domains have all been shut down and they are using new ones.
Would buy
I think there needs to be a lot more done to stop this, not to mention stamping out the various premium rate number scams. For starters, premium rate numbers should be banned and businesses should be made to register their numbers by law and not allowed to withhold them. It should be possible to block all overseas numbers too by opting out. I think it is disgusting and extremely questionable that more hasn't been done sooner.
Thanks for this Dave. I had the exact same message when on holiday but I thought why would I go through a link on my phone to check this? I only ever access iTunes/Apple Store via my laptop and surely Apple would email me if there was a true problem, so I thought no more about the message and deleted it.
Edward's advice is pretty sound. Unfortunately, the problem is a bit more complicated because as a user, you need a bit of technical nous to be able to go back and check other things like the audit trail for registration, and even using tools like dig and traceroute to find out extended networking information that would give you the clues about which networks and hosting companies are involved.
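The registration check described in the post and in the comment above, as an added example that is not part of the original post or its comments: it pulls the linked domain out of a text, reads the registrar and registration date from a WHOIS record, and lists the reasons the link deserves an abuse report. The message wording, the simplified Nominet-style WHOIS layout, the keyword and allow lists and the 30-day threshold are all assumptions made for the example.

```python
import re
from datetime import date, datetime
from urllib.parse import urlparse

BRAND_KEYWORDS = ("icloud", "apple", "itunes")      # assumed watch-list
OFFICIAL_DOMAINS = {"apple.com", "icloud.com"}      # assumed allow-list
TWO_LEVEL_SUFFIXES = ("co.uk", "org.uk", "me.uk")   # simplified; use the Public Suffix List in practice
NEW_DOMAIN_DAYS = 30                                # assumed threshold

# Constructed sample inputs (message wording and WHOIS layout are illustrative).
SAMPLE_SMS = "WARNING: your account needs review, sign in at http://icloudauditing.co.uk/ today"
SAMPLE_WHOIS = """\
    Domain name:
        icloudauditing.co.uk
    Registrar:
        internet.bs
    Relevant dates:
        Registered on: 14-May-2016
"""

def extract_hosts(text):
    """Return the lower-cased hostname of every http(s) URL in the message."""
    urls = re.findall(r"https?://[^\s<>\"']+", text)
    return [urlparse(u).hostname for u in urls if urlparse(u).hostname]

def registrable_domain(host):
    """Reduce a hostname to the part a registrant actually bought."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def parse_whois(text):
    """Pull registrar and registration date out of a Nominet-style record."""
    reg = re.search(r"Registrar:\s*\n\s*(.+)", text)
    when = re.search(r"Registered on:\s*(\d{1,2}-[A-Za-z]{3}-\d{4})", text)
    return {
        "registrar": reg.group(1).strip() if reg else None,
        "registered_on": datetime.strptime(when.group(1), "%d-%b-%Y").date() if when else None,
    }

def triage(sms, whois_text, received):
    """Summarise why a texted link looks suspicious and who registered it."""
    info = parse_whois(whois_text)
    reports = []
    for host in extract_hosts(sms):
        domain = registrable_domain(host)
        findings = []
        if domain not in OFFICIAL_DOMAINS and any(k in domain for k in BRAND_KEYWORDS):
            findings.append("brand keyword in a non-official domain")
        age = (received - info["registered_on"]).days if info["registered_on"] else None
        if age is not None and age <= NEW_DOMAIN_DAYS:
            findings.append(f"registered {age} day(s) before the message arrived")
        reports.append({"domain": domain, "registrar": info["registrar"],
                        "age_days": age, "findings": findings})
    return reports

if __name__ == "__main__":
    for r in triage(SAMPLE_SMS, SAMPLE_WHOIS, date(2016, 5, 14)):
        print(r)
```

The registrar field in the result is the party to name in an abuse report about the registration; the hosting company needs a separate lookup of where the domain resolves.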
Are these comments going to form a found poem?
if a poem here
crap at poetry you be
crap at haiku too
(going to assume that my comment keeps being deleted due to overly-aggressive spam filter because of the link I pasted at the end, though certainly if it's being moderated for some reason, that's fine too)
As others have said, forwarding the message to SPAM / 7726 seems to be the best approach.
(This number varies by country, but is the same in UK and US: http://security.stackexchange.com/questions/94758/how-to-deal-with-sms-spam)
FYI: It seems that where the message has a blue background (as in your image) it's not an SMS, but an iMessage. For those, Apple has a `Report Junk` option (iOS 8.3 and above), or the message can be forwarded to imessage.spam@apple.com. Full Apple support article here: https://support.apple.com/en-us/HT202747
Apple's legal site also advises how to handle phishing mails; but the same system could likely be used for other communications: http://www.apple.com/legal/more-resources/phishing/ - if enough people use the system in a certain way, they'll set up processes to handle the new content.
For those on Android, the messaging app includes a Spam manager (at least, the LG G3 does; I tried to find a generic article but most mention the same model as I use, so this may be a customisation). https://support.t-mobile.com/docs/DOC-21877
Worth noting is that most modern browsers offer protection by monitoring for fraudulent sites and blacklisting them, warning any users who attempt to navigate to such sites. https://security.googleblog.com/2016/02/no-more-deceptive-download-buttons.html
Apologies for the upcoming buzz words...
A while back I heard reports of joined up thinking between ISPs, device manufacturers and software & security vendors to open up methods to allow spam, phishing, and infected messages and sites to be reported to a central knowledge base; using a big data approach to detect for and block issues. I'm struggling to dig that article up now though / wonder if anything ever came of it, or if the system was abused (e.g. botnets reporting legitimate businesses to get them blacklisted, so that the noise to signal ratio of issues made the task impossible).
I suspect many companies are doing these things in the background with traffic analysis; but are ignoring (i.e. not taking) user submissions because they've not yet learnt how to filter false reports... but that could be naive thinking on my part.