Have you ever received an SMS to your smartphone that asked you to follow a link for more information? It could be a delivery notice from an online store or postal service, or a notification of a new voicemail. Maybe the SMS seemed a bit off, and you might have wondered whether you should click the link or not. But you wanted to know where your parcel is or who left a message, so you went on and clicked it anyway.

This is exactly what happened to hairdresser and entrepreneur Loredana Bartels. She received an SMS. First she thought it was a message from a new customer who wanted to make an appointment, but then she received another SMS, and found it suspicious. She still clicked the link. Nothing seemed to have happened; there was no voicemail. This left Loredana worried.

Loredana isn’t the only one. Many other small business owners and employees in Switzerland have recently been targeted with SMS phishing attacks, named Flubot. SMS phishing – in other words smishing – is a type of a cyber attack. It tricks you into clicking a link or installing a malware, a malicious piece of code that gives the attacker access to your device or your sensitive details. It can, for example, access your contact list, and then send messages to your friends and business contacts, pretending to be you.

Luckily Loredana knew to whom to reach out, to make sure everything was fine. Security Defenders in the GEIGER project investigated Loredana’s smartphone. GEIGER is an EU-funded Horizon 2020 innovation project that is developing a cybersecurity solution for small businesses. Loredana participates in the project, helping the cybersecurity experts to understand the small business perspective.

Together, they found out that Loredana had correctly configured her smartphone, and the Flubot malware did not succeed to install itself. The settings prevented Flubot from accessing messages that Loredana receives and using Loredana’s contact list for spreading further.

“Before verifying if the malware got installed in my phone, I was a little bit afraid. What would they do with these phone numbers stolen from me? What would happen with my contacts? I would be very sorry if my customers were affected because of me,” Loredana said. “Now that I know more, I would also like to help my clients by warning them. I’ve already advised my co-workers to not click such links.”

How can you know if your smartphone was affected? Or if you are at risk? How to prevent cyber criminals from succeeding to access your smartphone through a smishing attack? There are a few simple measures to take.

First and foremost, check that no unknown apps may be installed. iPhones are always configured that way. Android phones offer that setting in the “Biometrics and security” menu.

If you received a Flubot SMS and clicked the link, and your phone has the wrong settings that allow the installation of unknown apps:

  1. Activate the flight mode of your smartphone.
  2. Check each of the online services that use SMS login (two-factor authentication) that nothing malicious happened.
  3. Report the incident to your local cybersecurity center (in Switzerland, this is the NCSC)
  4. Back up your important data.
  5. Reset your phone.
  6. Check the settings preventing unknown apps from being installed.

“It would be important to be warned if there's an attack like Flubot circulating, to be prepared. And as I'm not a cybersecurity professional and don't know how to deal with new threats, it would be comforting to also know that there is qualified support available if something happens,” said Loredana.

Would you like to, like Loredana, learn more about digital security and how to protect your business? Make sure to sign up to GEIGER news!