With e-mail based spam dying a slow death, cyber-criminals are moving to more targeted and personal communication. According to a report by security company Webroot, a new phone number harvester is being advertised these days on the web.
The tool does pretty much what an e-mail address crawler can do; scrape the web a page at a time in search for phone numbers, ownerâ€™s name and mobile carrier. Unlike e-mail addresses, mobile phones are prefixed, which allows a phone number digger to target specific prefixes in their area of interest.
Harvested phone numbers can then be aggregated with the service of an SMS gateway for sending messages, from various commercial offerings to borderline-destructive attacks exploiting USSD bugs or even for delivering malicious links to smartphone users. Since no security solution exists to check the legitimacy of a short messageâ€™s content, the success rate in the case of a SMS attack is much higher than that of spam.
If youâ€™re a regular user, share your phone number with trustworthy people only. When publicly sharing your phone number, you run more than the risk of having unknown people call you and hang up in the wee hours. If youâ€™re the administrator of a classifieds website, consider implementing and anti-crawl script for any phone numbers your visitors may post, just to stay on the safe side.