Check Point Software Technologies have issued suggested security measures around detected 4G to 5G SIM upgradation phishing scams in India. The company further shared that the scammers have been posing as customer care executives of the respected telecom service providers, offering assistance to customers for upgrading their SIM cards from 4G to 5G. Their modus operandi was to send phishing links to coerce victims into disclosing personal and financial information. Check Point Software have proactively issued its recommendations to protect consumers from a such a scam.
Such scams were first reported when state-based police departments issued warnings about these ongoing cyberthreats. A tweet from the Mumbai Police informed followers of a new scam in which scammers demand money from victims in exchange for assistance in upgrading to 5G. The Twitter account for the Pune City Police, Gurugram police department and Hyderabad Cyberabad (cybercrime unit) department have also issued similar caution. According to media reports, the authorities have urged citizens to refrain from providing their OTPs to any telemarketers because doing so could result in the complete deletion of their bank accounts.
“We have observed a spike in the spread of SMS Phishing, which uses SMS messages as the attack vector for malware distribution. Using SMS messages as an attack vector may seem rudimentary, but just like email phishing, they are extremely efficient. These attempts often imitate trusted brands or personal contacts to entice the victim to click on a link or share personal details in confidence. This method has proven particularly successful as after one device has been compromised, its entire contact list is up for grabs, creating an endless cycle of possible victims,” says Sundar Balasubramanian, Managing Director at Check Point Software, India & SAARC. “We believe this is just the beginning for such scams. With the commercial availability of 5G and consumers excited to use the advanced services, such scams are bound to increase in number, particularly in the early phases of adoption when people are still finding their way around using the 5G services. We expect to see the number, scale and sophistication of these cyberattacks increase overtime. In such instances, adopting a prevention-first approach is the best approach.”
To avoid becoming a victim of phishing, Check Point Software recommends:
Enable two-factor authentication: sign into your accounts with both a password and one other method. It could be a question, biometric data or a one-time code sent to your device. This creates an extra layer of security that prevents an attacker from being able to access an account with just a password.
Use strong passwords: using the same keyword for everything, or simple combinations such as "123456" or "password", is making it too easy for cybercriminals. There are now a multitude of platforms that can generate strong, difficult-to-guess passwords with upper- and lower-case letters, numbers and symbols. Although we can also create them ourselves, it’s important to remember to use different combinations for each service.
Learn how to recognize phishing: when an attacker sends a phishing email, there are usually some common identifiable traits such as misspellings or the fact that it asks for credentials to be entered. A company will never ask for a customer’s credentials on email. If in doubt, always go to the official page or platform of the company you want to access.
Always keep software updated: it is always advisable to update to the latest version of a company's software as this is the way that they correct security errors of previous versions.
Check Point’s Threat Intelligence reports that an organization in India is being attacked on average 1742 times per week in the last 6 months, compared to 1167 attacks per organization globally, with 4.9% of malware attacks via mobile (Global 1.8%). With India’s escalating growth in having the second most smartphone users in the world (behind China) with 492.7million in 2021, and with the use of mobiles increasing in both the cities and rural areas, exacerbated by the WFH policy during the pandemic, mobile users need to be on their guard to expect t more of such smishing scams in the future.