Phishers lure victim with text message

A Chinese man has been conned out of more than AU$20,000 after falling victim to a text message-based phishing scam.Last week, an individual identified only as Mr Wang from Beijing received a text message on his mobile phone warning him that he had bought goods worth 18,000 yuan (approx AU$3,000).

A Chinese man has been conned out of more than AU$20,000 after falling victim to a text message-based phishing scam.

Last week, an individual identified only as Mr Wang from Beijing received a text message on his mobile phone warning him that he had bought goods worth 18,000 yuan (approx AU$3,000). According to the China Daily, Wang had not used his credit card and chose to call the number on the message to find out what was going on. After leaving his card number and password for "further identification", his credit card was cleaned out leaving him with a bill of more than AU$20,000.

"Legally, the sending of short messages containing text or pictures with pornographic content or false content, violates regulations, pollutes society and spreads a very bad influence," an expert from China's Ministry of Information Industry told China Daily.

This is one of the first instances of someone being duped by a phishing text message but security experts believe it is a sign of things to come.

Two years ago, most phishing e-mails consisted of crude e-mails with links to fraudulent URLs that contained badly designed forgeries of financial institution's Web sites. Phishing has since evolved into a sophisticated scam that often takes advantage of known flaws in browsers and operating systems to dupe even the most savvy PC user into divulging their personal details.

Text messages are an obvious choice for phishers because mobile phone users are more likely to expect phishing attacks to come via e-mail, according to James Turner, security analyst at Frost & Sullivan Australia.

"As with all good social engineering, people think they are immune to it. There has been so much talk in the press and from vendors about phishing and it has all been e-mail-orientated so the last thing you are expecting is a dodgy SMS," said Turner.

According to Turner, criminals launching phishing attacks are likely to use any form of communication available to them in order to fraudulently extract money from their victims.

"We can expect criminals using technology to their nefarious means a lot more -- whether that means text messages or e-mail or whatever. I do think this is a sign of the times. They will use whatever is going to do the job," added Turner.