Forbes contributors publish independent expert analyses and insights.
America's smartphone users are now under attack from Chinese organized criminal gangs "flooding" phone networks with malicious texts. And now you are warned these attacks are "a significantly more extensive and complex threat" than we thought.
You've likely seen countless reports by now as the threat has escalated over the last 18 months. Fraudulent messages claiming undelivered packages or unpaid tolls or DMV fines or Amazon refunds or bank security checks or account lockouts. A small number of these Chinese gangs are driving the threat, none more so than the Smishing Triad.
The latest report from Palo Alto's Unit 42 warns users to beware any texts from the Philippines, which start with the dialing code +63. If you receive any texts from numbers beginning +63, do not open them unless you specifically know the sender. And then, per the FBI's advice, delete the texts from your iPhone or Android phone.
The format of these scam texts is always the same. A fabricated or impersonated sender, an urgent lure with a call to action, and then a link. Clicking that link leads to a fake webpage that steals your personal data, your passwords or your money.
Unit 42 says the domains in those links are specifically crafted to match the lure, to trick users into clicking. The team has reported "more than 10,000 domains involved in smishing scams," and has "found and blocked over 91,500 domains."
Unsurprisingly, "the majority of these domains are registered through Dominet (HK) Limited, a Hong Kong-based registrar and use Chinese nameservers."
Almost 40% of these domains are live for 48 hours or less; that's all the time needed to send messages to attack your phone. Almost none of the domains remained active beyond two weeks. This campaign registers new domains on an unimaginable scale.
You should not engage with any text messages unless you can independently verify the sender. You should never click links in texts; Apple's new spam message filter blocks links for this very reason. The fact that so many texts come from +63 numbers gives you an even faster trigger to hit delete and despatch the threat from your phone.
"Exercise vigilance and caution," Unit 42 says, as it highlights the staggering scale of these Chinese attacks. "People should treat any unsolicited messages from unknown senders with suspicion." That means verifying before engaging "without clicking any links or calling any phone numbers included in the suspicious message."