Cybercriminals are using SMS scams to run several types of money-stealing mobile attacks on North American banks. This session will use real-world data obtained from various mobile carrier networks showing cybercriminal activity to provide a unique, valuable look into the methods used by cybercriminals.
We will use data from actual attacks to provide a detailed and in-depth view of the various techniques used by cybercriminals as well as the linguistic evolution of SMS bank scam attacks. We will analyse the changes in SMS messages in relation to the bank scams within months and days, as well as showing the techniques that the attackers are using to bypass and defeat defences in place.
The session will present statistical detail on various aspects of the attacks, including the average number of messages sent per attack per day. We will also look at one of the most important subjects, and the reason why these attacks are so successful: how scammers get hold of recipient / victim cell numbers. We will look at the relationship between the recipient numbers and the attacked financial institutions and at what correlations can be made. We will provide visualizations of attacks, showing how they grow and spread over time. We will graphically present the evolution of a single attack from the very beginning through its detection and containment. In addition, we will analyse the reasons for the high prevalence of mobile attacks in North America vs. attacks in Europe. Finally, this presentation will analyse the most important questions related to the modern state of SMS scam security mechanisms.