Texts of Deception: Unveiling Smishing, the Dark Side of SMS in Crypto

<p>In an era
where free messenger apps have almost completely dominated traditional text
messages, it might seem that after over 30 years, popular “texts” have already
become obsolete. Although we do not use them in everyday communication, they
are still willingly used as a common medium for marketing and promotion.
Unfortunately, not only among legitimate businesses but also among scammers.</p><p>After conducting
our own analysis and conversations with industry experts Finance Magnates
can clearly confirm that SMS scams are still a common problem, especially in
the cryptocurrency industry. Unscrupulous actors exploit very simple loopholes
in outdated technology by impersonating popular brands, trying to steal user
data. Exchanges, on the other hand, are helpless to stop them and honestly
admit that nothing can be done about it. But is that really the case?</p><p>WhatsApp Most Popular, SMS
Still Most Ubiquitous</p><p>90% of the
world's population, over 7 billion people, use mobile phones. And although the
vast majority of them get some kind of coverage, only half have regular access
to mobile internet. </p><p>Statistics
clearly show that in recent years the number of messages exchanged via internet
messengers has outclassed SMS. WhatsApp has 2.4 billion active users every month,
Facebook Messenger 2.1 billion, and WeChat gathers 1.2 billion. </p><p>Even with
these huge numbers, traditional texts are still the most common way to reach
the widest possible audience. For the purposes of this article, I specifically
reviewed my SMS history. 90% of them are advertisements or messages with
security codes used for logging into various services and two-factor
authentication (2FA). This is exactly where scammers see their chance. And as
it turns out, the imperfect technology of sending SMS makes it much easier for
them.</p><p>According to the recent "Scam Prevention Survey" by the Finance Magnates Group and <a href="https://www.fxstreet.com/info/prevention" target="_blank" rel="nofollow">FXStreet</a>, nearly 22% of respondents admitted that SMS is one of the most common forms of scam they encounter, more frequent than scams on Twitter. <a href="https://fxstreet1.typeform.com/to/lfSpVpPY?typeform-source=email-button" target="_blank" rel="nofollow">Participate in the survey</a>.
</p><p>“Banks and
exchanges still offer SMS for 2FA despite it being one of the worst 2FA options,”
explained Fraser Edwards, the CEO at cheqd, the infrastructure provided for
Trusted Data markets. “It carries a potential of SIM swap fraud or sim hacking
where a fraudster uses stolen identity documents to have a network provider
reassign a phone number to a SIM under the fraudster's control.”</p><p>How Easy It Is To Become A
Victim Of Crypto Scammers</p><p>The
inspiration to write this article <a href="https://www.financemagnates.com/cryptocurrency/exclusive-scammers-impersonate-binance-but-exchange-says-theres-nothing-it-can-do/" target="_blank" rel="follow">was an SMS I received some time ago</a>,
allegedly from Binance. It informed that a reward was waiting for me to
collect. The message appeared in a thread signed by my phone as
"Binance", displaying also previous texts from the <a href="https://www.financemagnates.com/terms/e/exchange/">exchange</a> with
verification codes for logging in.</p><p>Before I
clicked the link full of euphoria, I noticed that the page address
(binance.token-mbox) was far from the official domain used by the world's
largest crypto exchange by volume. It turned out that at the same time, many
other Binance clients from Poland received a similar SMS. I asked the exchange
itself for comment on this matter, which openly stated that to eliminate texts security loopholes, the entire GSM technology would have to be modified. This,
however, seems unrealistic at the moment.</p><p>“To
eliminate this security loophole in SMS, the entire world would have to modify
this technology, which seems unrealistic,” Binance commented.</p><blockquote><p lang="en" dir="ltr">Today’s smartphone users are vulnerable to SMS <a href="https://twitter.com/hashtag/phishing?src=hash&amp;ref_src=twsrc%5Etfw">#phishing</a> attacks. Cybercriminals have easy access to <a href="https://twitter.com/hashtag/SMS?src=hash&amp;ref_src=twsrc%5Etfw">#SMS</a> gateways capable of sending large volumes of text msgs, enabling mass SMS spamming &amp; phishing scams to reach phones quickly &amp; repeatedly <a href="https://t.co/Hwl7qcJ1eM">https://t.co/Hwl7qcJ1eM</a> <a href="https://twitter.com/securityblvd?ref_src=twsrc%5Etfw">@securityblvd</a> <a href="https://t.co/gAV5FnmUdV">pic.twitter.com/gAV5FnmUdV</a></p>— SlashNext (@slashnextinc) <a href="https://twitter.com/slashnextinc/status/1752412805968351611?ref_src=twsrc%5Etfw">January 30, 2024</a></blockquote><p>Two years
earlier, the exchange's former CEO Changpeng Zhao had already warned about
frequent attempts at <a href="https://www.financemagnates.com/terms/p/phishing/">phishing</a> and data theft via messages impersonating the
platform.</p><blockquote><p lang="en" dir="ltr">There is a massive Phishing scam via SMS with a link to cancel withdrawals. It leads to a phishing website to harvest your credential as in the screenshot below.NEVER click on links from SMS! Always go to <a href="https://t.co/9rMMAmtCxH">https://t.co/9rMMAmtCxH</a> via a bookmark or type it in.Stay <a href="https://twitter.com/hashtag/SAFU?src=hash&amp;ref_src=twsrc%5Etfw">#SAFU</a> <a href="https://t.co/erNwe90FN1">pic.twitter.com/erNwe90FN1</a></p>— CZ