SMishing or IMEI Phishing?

Technically it’s not SMS Phishing… but it’s close:

    • Cybercriminals use the information requested on the web page to clone the smartphone for various uses, including stealing long-distance service from the subscriber or simply using a deniable, disposable smartphone for other criminal activities. In effect, the cybercriminals used phishing techniques to clone smartphones.

The strength of this phishing technique (on the cybercriminal side) is that the victim is enticed to go to a web page and put in your 15 or 17 digit IMEI number, or International Mobile Equipment Identity along with other identifying information.

Getting Geeky – IMEI and SMS Technology

This number is intended to reduce the effect of mobile phone theft. According to wikipedia the number is usually found printed inside the battery compartment of the phone and can also be displayed on the screen of the phone by entering *#06# into the keypad on most phones. This number is different than the SMS chip number found on GSM technology phones. SMS chips can be swapped out, but the IMEI number is sort of like your phone’s Social Security Number: it’s locked to a specific handset.

I would expect phone based phishing to take advantage of this trend as well so be wary of anyone calling you and asking for cell phone identifying numbers. You may think that this wouldn’t be targeted because it’s a little hard to dial the keypad or peel back the battery while you’re on the phone but some models will display the information right on the screen.

Securing Our eCity Contributing Writer

Author , ESET

Comments are closed.

Follow us

Copyright © 2017 ESET, All Rights Reserved.