Sharad Agarwal, University College London (UCL), Stop Scams UK; Emma Harvey, Stop Scams UK; Enrico Mariconti, University College London (UCL); Guillermo Suarez-Tangil, IMDEA Networks Institute; Marie Vasek, University College London (UCL)
SMS fraud has surged in recent years. Detection techniques have improved along with the fraud, necessitating harder-to-detect fraud techniques. We study one of these where scammers send an SMS to the victim addressing mum or dad, pretend to be their child, and ask for financial help. Unlike previous SMS phishing techniques, successful scammers interact with victims, rather than sending only one message which contains a URL. This recent impersonation technique has proven to be more effective worldwide and has been named 'hi mum and dad' SMS scam. In this paper, we collaborate with a UK-based mobile network operator to access the initial 'hi mum and dad' scam messages and related user spam reports. We then interact with suspicious scammers pretending to be potential victims. This is the first work empirically studying this particular scam. We collect 582 unique mule accounts from 711 scammer interactions where scammers ask us to pay more than £577k over three months. We find that scammers deceive their victims mainly by using kindness and distraction principles followed by the time principle. The paper presents how they abuse the services provided by mobile network operators and financial institutions to conduct this scam. We then provide suggestions to mitigate this cybercriminal operation.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
