Estonian residents have been hit by a wave of fraudulent SMS messages: How do they get your number and how to recognise fraud?
Text Mark Taylor Photo Elisa
During the last few weeks, the number of SMS phishing scams spreading in Estonia has increased dramatically, which are mainly sent out under the name of Omniva or Netflix. In most cases, the goal of these schemes is to trick victims into giving out their usernames and passwords, to gain access to their bank accounts, or steal other data. But how do criminals find phone numbers and send messages and how do you recognise a fraudulent message?
Mai Kraft, head of information security at Elisa, explained that the last major wave of phishing messages started at the beginning of May, and judging by the style of writing, there is a high probability that one group of criminals is behind their sending. The messages mainly indicate that a package has arrived at Omniva and in order not to send it back, you need to go to a certain page and enter the necessary data there. However, in other cases, Netflix is imitated and victims are redirected to a fake Netflix page.
“The Omniva and Netflix pages used in the fraud are similar to the original, however, they have nothing to do with the alleged companies, and by entering your data in the text boxes, it is directly going into the hands of criminals,” she explained. “The best way to distinguish an original from a fake is to look at what’s written in the address bar – if it doesn’t have a familiar Omniva or Netflix web address, it’s a scam,” Kraft explained.
While the two aforementioned companies are currently the main ones being imitated, Kraft emphasized that it is also worth being vigilant about the messages sent by other institutions. Criminals are constantly changing their approach, and as potential victims get used to today’s schemes, another approach will be found.
How do the criminals find your number?
“In the case of the wave of fraud spreading at the moment, it seems that it is more about the use of phone numbers that can be found publicly on the Internet or numbers that have been tricked out in other ways. For example, someone may have organised a lottery, asked people to add their phone number, and now messages are being sent there,” she said. “Numbers can also come from public sources, such as simply found using Google or picked up on social media.”
In that regard, Kraft recommends being careful when posting your phone number publicly and understanding that once a number is published online, it will most likely always be found. Fraudsters can also find your number in places that you might not even think of at first: on a car sale ad, on Facebook Marketplace, on an employer’s contact page, or on any other page that can be easily found through search engines.