SMS 13033: Smishing in the time of Covid-19: The TwelveSec team, in the course of delivering cyber security services and its ongoing research in the field, identified a security gap affecting 13033. Criminals can use this problem to deceive the public.
During the current pandemic, states around the globe are using the GSM network to send SMS notifications to the public. In Greece, the GSM network is used to send a message to 13033. Due to a twenty-year-old issue that still plagues online SMS platforms, Greek citizens need to be aware of Smishing (SMS Phishing) attempts.
TwelveSec, following the principle of "Responsible Disclosure", immediately contacted the competent state authorities, informing them of the security problem in GSM technology, on which the automatic sending of SMS from 13033 is based, and proposing that the general public be notified of the issue.
More specifically, the public should be informed that they should under no circumstances visit any URLs received from the 13033 service, and that the 13033 service will not send them any messages requesting payment of fines or asking them to take any action at all; for this purpose, only the GSM alert service would be used.
Criminal abuse of this issue could lead to data breaches, as well as to other equally illegal acts, because it is possible to spoof the Sender ID and send SMS messages that appear to recipients to come from the original 13033 service number. This can trick the recipients, in this case the general public, into clicking on malicious links or downloading malicious software, or, through Social Engineering and potentially scare tactics, scam them into paying a "fine" or something of a similar nature.
TwelveSec is sending the following message to everyone:
"We ask you to ignore any message sent to you from 13033 and to inform the authorities immediately."
* SecNews thanks researcher Dimitris Mitrou for the research article on locating the security gap.