Google has issued a warning for smartphone users and you need to take this seriously. One reason is because this warning comes from Google and the second reason is because of how these attacks work. Imagine criminals able to send you malicious SMS text messages directly to your phone bypassing the mobile network. You might be wondering how such an attack is even possible and what you can do to prevent it from happening to you.
SMS Blasters bypass your wireless provider to send you malicious texts
These attacks use something called SMS Blasters which trick phones into making a direct connection with an attacker's radio device by making it seem as though it is a real network access point. Since attackers aren't using a mobile network to send their malicious texts to victims, they don't need a list of phone numbers belonging to potential victims to target. Instead, the cyber crooks pick a specific area to target. This is most likely a high-income area with plenty of wealthy phone owners.
Recently an SMS Blaster-wielding attacker was caught in the U.K. His capture led police in the U.K. to warn that these criminals will try "to bypass fraud prevention measures designed to protect consumers [to] steal personal and financial information, so it’s important that customers are alert to potential threats of fraud, particularly text messages." Google points out, as we did earlier, that injecting text messages directly into victims' phones bypasses the victim's carrier network. As a result, all of the fancy anti-spam features and anti-scam filters offered by a carrier will basically do nothing and offer no protection.
Google says that it has seen the "SMS Blaster fraud" in multiple countries. Additionally, Google says that there is evidence "of the exploitation of weaknesses in cellular communication standards leveraging cell-site simulators." The company says that the first thing you need to do to save yourself from becoming a victim of these attacks is to disable 2G networks on your phone.
2G is so insecure compared to more recent networks, even 3G. 2G is disabled by default if you have Android 16’s new Advanced Protection Mode enabled. The police also advise you to disable 2G on your phone. Here is the thing you need to be on the lookout for. Even in areas where 2G has been completely disconnected, your phone will still connect to a fake cell access point if it has 2G enabled.
To disable 2G on your Android 16-powered phone go to Settings > Security & privacy > Advanced protection. From the Advanced Protection page, toggle on Device protection. This one toggle will detect suspicious activity indicating your phone has been stolen. When the device is locked, it limits new UBS connections for charging only. It also will force your phone to reboot if it's locked for 72 hours. It also prevents 2G calls (except in emergency situations).
Unlike Android, the only way to disable 2G on the iPhone is to use Apple's nuclear Lockdown Mode option which is designed for those who are targeted by attackers because of who they are. This mode, when enabled, severely limits your iPhone's functionality to help protect the user.
While the SMS Blaster could be a major problem if you find yourself in the range of one, Trend Micro said in its latest report that the number one threat on smartphones last month remained "cybercriminals using their regular tactics in trying to scam consumers, with scammers impersonating well known brands such as PayPal, Netflix, Mater Lotteries, Toyota and Google." Trend Micro reminds you that "the golden rule of any scam, online or otherwise, is that if something sounds too good to be true, it probably is."
Watch out for these red flags!
Trend Micro says to watch out for an "Unexpected contact." The firm says, "Remember, genuine organizations don’t contact you out of the blue, asking you to disclose personal or financial details via a text message."
Also, watch for spelling and grammatical errors. "If a message doesn’t look professional, that’s a red flag that it’s probably a scam. Legitimate organizations rarely make glaring spelling or grammatical errors in customer communications."
Lastly, if a message isn't relevant to you, it is probably a scam. If you aren't waiting for a package to be delivered, texts about a parcel are bogus. If you didn't enter a sweepstakes or a contest, texts related to those are fake. If a message is about a gift card, did you buy one from the retailer mentioned in the text? If not, well, you know what I am going to say.
Many Pixel users don't know what features they have to help them fight back against malicious messages. To help, Google is reportedly looking to integrate Scam Detection and Call Screen features into the Pixel setup process helping Pixel users know what features need to be enabled for their protection.