Today ASK YOUR FRAUD EXPERT post is dedicated to SMS grabbing attacks. Let’s ask our Fraud Expert how to manage them.
What is an SMS grabbing attack?
An SMS grabbing attack is widespread on Android mobile devices whose goal is to intercept the user’s SMS used as a second authentication factor or account recovery code.
What are the main objectives?
This type of attack has banking services and payment platforms as its ideal target.
How does it develop?
When the attacker activates the malware, all received SMS messages are intercepted and forwarded to the attacker, preventing users from receiving or reading them.
Strong identification mechanisms or account recovery based on SMS or telephone calls can easily be the object of such attacks, compromising the possibility of validating the user’s identity.
How to manage it?
It is necessary to define a defense strategy by monitoring endpoints and user behavior to protect the services from SMS grabbing attacks:
• Detect and block the threat: identify the presence of an SMS grabbing trojans in the user’s device before exposing sensitive information or functionalities;
• Use strong, un-phishable, and untraceable authentication. Avoid allowing other mobile applications to intercept an OTP somehow.
• Detect behavioral anomalies in the interaction with the service that may lead to suspect that these are not operations requested by the legitimate user.
DON’T WORRY…ASK US FOR HELP!
The XTN Cognitive Security Platform® allows you to protect your services from SMS Grabbing attacks.