Johns phone beeped and vibrated and an urgent message popped up on his screen. “We’ve found unusual activity on your account, Contact the bank immediately at 1-888-724-3524”
The message looked like one of those urgent disaster alerts that appear during emergencies, however it was nothing more than an impersonation scam using Flash SMS – a trend that banks are reporting is happening with increasing frequency.
What Are Flash SMS Messages?
Flash SMS, technically known as “Class 0 SMS,” are special text messages that appear immediately on a recipient’s screen without being stored in the phone’s inbox. They are also called “Pop Up SMS”.
They take over a users phone, until the user interacts with it.
Flash SMS has been around since the late 90s, and they are designed to have messages be “more attention grabbing than standard SMS” by displaying them directly on a phone screen without requiring the person to open a message.
They also disappear after you dismiss them. Flash SMS message create an immediate sense of urgency. The message takes over a persons screen, demanding attention and action. It can make people afraid too and on edge.
How Scammers Are Exploiting Flash SMS Now
Fraudsters have discovered that Flash SMS provides the perfect vehicle for their scams. This style of messaging “is now being hijacked by criminals to rip people off,” according to NAB Head of Security Culture and Advisory Laura Hartley.
“The current bank impersonation scam trend is focused on trying to get people to ‘call’ NAB and that’s what we see in these messages customers have had reported to us. A few years ago, text messages were much more focused on trying to get people to click a link.”
Banks in other parts of the world are also reporting these flash messages.
Banco De Oro claims that customers are receiving flash SMS messages warning them that their account has been compromised and requesting an urgent call back.
Flash SMS Bypass A Phones Security
Flash SMS messages are typically sent by criminal organizations because they require them to be sent through an SMS API service. These services can bypass a phones security.
These are some of the methods fraudsters are using to carry these scams out.
- SIM Farms – They are sent by bots from racks of SIM cards
- Bulk SMS Gateway – They use bulk SMS Services
- Spoofing Tools – They use spoofing tools to use the banks phone
- SMS Blasters – Vans roam a city blasting messages
Using these methods, scammers can distribute these flash SMS messages at scale while hiding their true identities.
There is a simple solution, users can simply turn off these SMS messages from popping up on their screens in the phones settings.
We’ll keep an eye on this trend.
