/projects‎ > ‎ss7/ОКС7‎ > ‎Fraud schemes‎ > ‎

Phishing schemes using SMS payment

posted 1 Sep 2010, 21:27 by Fyodor Bom
Common to see phishing web sites which abuse sms payment gateways.  Typical services, which are offered by these gateways are: SMS-key, SMS-safe, SMS-bank.

SMS-key -> user sends sms to a number and enters verification code (max. payment around $5USD)
SMS-safe -> similar to SMS-key with the only difference that the available balance is higher ($30USD) and each transaction needs to be confirmed by Operator.
SMS-bank -> larger transactions. typically require additional paper work.

The actual fraud scheme is quite straight-forward. The billing is registered with one of billing providers (i.e. www.smscoin.com ) for fake shop that sells *air* and then promoted using spam-dvertising. The goal is to collect a small amount of money from a large number of people. To prevent "blacklisting" by the billing system, refund requests are honored.  Initiator of the fraud is typically collecting 45% of SMS "value".

Various methods utilized to trick users into sending SMS messages to fraudilent numbers. (scareware, "to unlock your number, send message to X", etc..)