Beware of treacherous short messages

How not to fall for the tricks of criminals.

Digitization is not only an opportunity and a challenge for society - criminal energy is also seeking its digital way to us. It reaches us by email, but increasingly also by text message or as a short message in a communication app. Protect yourself with our tips.

Harmful short messages often look as if they were sent by a well-known company. For example, a supplier announces a package via SMS, or a mobile phone provider might be granting you extra minutes. Actually, we should have already become suspicious, because the sender is a mobile phone number that may be completely unknown to us. Clicking on the link in the message can cause damage. 

This is how the SMS scam works

With so-called smishing (a combination of SMS and phishing), criminals rely on consumers unknowingly revealing their access data or downloading malware. The text messages sent with criminal intent can have many faces. 

  • A link is included in the message, which the recipient is supposed to click on to retrieve further information. Behind this, however, is either a manipulated website or the download of a malicious program.
  • Contrary to the widespread opinion that owners of Apple phones are automatically protected at this point, they should also be very careful. It is true that the malware used by criminals cannot infiltrate the cell phone. But they could try to steal the Apple ID and password.
  • Users of a smartphone with an Android operating system that is not optimally configured are more vulnerable. Here, clicking on the sent link can set a process chain in motion. A malware program is loaded and installed on the phone. Among other things, the malware families that are particularly active in 2021 are aiming for widespread distribution. So the contacts in the address book initially also receive such SMS messages.
  • Depending on the mobile phone contract, this can theoretically incur costs. As a result, the software can now reload a banking Trojan, start an extortion attempt or cause further costs via premium services. 

If you are wondering why the scammers got your number: Unfortunately, this can have many reasons. For instance, your contact information might have been collected from a hacked forum, a mail-order company with a data leak, or social media. Someone who had your phone number stored in their cell phone has already become a victim. Or the criminals may have just used an automatic number generation program and contacted you randomly. So, for all these reasons, you should basically think about what data you disclose and where.

How to defend yourself against criminal SMS messages

Basically, the nasty scam only works if you act. As long as you do not react to the message, nothing happens. Simply delete it. By the way, simply receiving SMS messages costs nothing. Why doesn't the telecommunications industry simply filter out such short messages? In the case of SMS, the content is protected by the Telecommunications Act in Germany, unlike e-mails, for example. The content must therefore not be analyzed and cannot simply be sorted out.

  • If you receive a text from an unfamiliar sender or from unusual phone numbers, you should be wary. This also applies if the text is really general and tells you to do something without addressing you personally.
  • Don't be tempted by urgent-sounding messages to call back or click on links. Think about it calmly. If you know the supposed sender, ask whether the SMS they sent is genuine.
  • Only disclose your mobile number if it is really necessary. 
  • Do not click any links in SMS messages. It is also best not to click on short messages from people you know. Their address books could have been hijacked as well.
  • Install a protection program for your smartphone and check the device regularly.
  • Keep an eye on your mobile phone bill or mobile connection budget to spot unusual charges early on.

In case of an infection, put your phone in flight mode first. This will cut off contact with the malware's control system. Now manually back up pictures, information and contacts that you urgently want to keep. Afterwards, reset your phone to factory settings. Thus, the malware will be removed as well.

Preventive on Android smartphones: Deactivate the setting: "Allow software installation from unknown source/origin"; for newer versions: Allow app installation only for Google Play Store.

Further reading