Police have arrested a teenager after disrupting a 'sophisticated smishing scam' using new technology never seen in New Zealand before.
Authorities have described smishing - a form of phishing - as when a device known an 'SMS Blaster' is used as a fake cell tower and tricks nearby cellphones to connect to its fraudulent network.
This 'SMS Blaster' has reportedly sent thousands of fake texts claiming to be from banks - in order to encourage people to share their passwords, account details and other sensitive information.
National Cyber Security centre team lead Tom Roberts says the messages look professional.
He explained people click on the link thinking it's from the bank or insurance company - without realising they're entering in details for someone to steal.
LISTEN ABOVE
See omnystudio.com/listener for privacy information.
Episode Transcript
Police have disrupted and arrested a teenager over a smishing scam.
I've never heard of the term either. Smashing uses technology
ever seen in New Zealand ever before. It involves sending
fraudulent text messages that are pretending to be from places
like banks in order to trick pill into sending into
sharing sensitive information. So the device in this case is
(00:22):
believed to have sent thousands of scam text messages, including
about seven hundred texts in one night. Tom Roberts is
the National Cyber Security Center's team lead for Threat and
Incident Response and is with us this evening. Calder, Good evening, Jack.
Speaker 2 (00:38):
How are you?
Speaker 1 (00:38):
Yeah, very well, thanks. I'd never heard of smishing until
right now. So how does this technology work?
Speaker 2 (00:44):
It's gord an old term, isn't it. It's something that, yes,
for the first time we've seen the So what it
does is a tower, ef faked tower tricks your phone
through four G five G down to two G where
there's a lack of sort of mutual authentication and encryption,
and then it will blast out if asses to whoever,
and they can the people that are making these misses
(01:06):
can basically put whatever they want in there. It could
have no links, it could have to be full of links.
But yeah, they get their money through pretending to be
something authentic.
Speaker 1 (01:15):
So they basically send out heaps and heaps of spam
texts and scam texts. Then they wait for a response
and hope that they're able to elicit personal information from
those responses.
Speaker 2 (01:28):
Yeah, and worryingly, what you can do with these mess
blasting attacks is that you can pretend to be a shortcoat.
So you know a tailco number one of the ones
a band tour.
Speaker 1 (01:41):
Yeah, so instead of saying from from oo to seven
six four four three nine eight seven, it says from
one for zero four, So it looks kind of professional.
Speaker 2 (01:51):
Looks very professional, hard to distinguish. And then you click
on the link saying, oh, well help, maybe insurance is
due or whatever, and good on the assurance company, your
bank for getting in contact with meybe, and all of
a sudden you're entering in your details for someone to steal.
Speaker 1 (02:05):
How hard is it to get your hands on tech
like this?
Speaker 2 (02:10):
Well, it's if you know how to do it, you
can get it.
Speaker 1 (02:15):
So you're not going to tell us how to do it.
That wouldn't be very nice.
Speaker 2 (02:21):
I don't think the employee would be too happy about that.
The Internet's a big place, so yeah, someone that wants
to has the inclination to do so, can do it.
I would say that it's exceptionally easy to see, and
that's why DIA police has been able to be so
quick on this. They've really done a fantastic job that
(02:41):
shotting this down quickly.
Speaker 1 (02:42):
How do you identify it?
Speaker 2 (02:45):
The telcos and di and the banks, so anomalies and
then reports going through them, and then they're able to see, oh,
actually there's a fake cell power that keeps on popping up,
and then you know, you can just sort of follow
your nose.
Speaker 1 (02:57):
Right, Okay, So a nineteen year old is believed to
have been behind these text messages and is going through
the legal proceedings at the moment. Do you need to
be technically literate in order to use this kind of technology?
Speaker 2 (03:12):
Yeah you do. Yeah, you don't have to be quite
technically literate, and you're quite quite young to be that
technically literate. It's something that typically the knowledge only exists
within the telecommunications or radio spectrum community. But yeah, it
is available, and obviously this person has found it and
(03:35):
tried to make best use of it unsuccessfully.
Speaker 1 (03:38):
Yeah, okay, I'm going to give you an opportunity just
to do the PSA. Then, if you get a text
asking some personal information, even if it looks official from
something like one for zero four, what do you do, Tom, Yeah.
Speaker 2 (03:48):
You don't click the link. Don't click the link. Report
it to di IA on seventy seven two six. I
think test. Don't deal with it. They'll stop it and
you'll be reflected.
Speaker 1 (03:57):
Yeah, very good. Thanks for your time, Tom. That is
Tom Roberts, who is the team lead for Threat and
Incident Response at the National cyber Security Sentaries. For more
from Heather Duplessy Allen Drive, listen live to news talks
it'd b from four pm weekdays, or follow the podcast
on iHeartRadio
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.