SMS bombers: spam as an element of a cyberattack

Father

The number of scams involving users' mobile phones is growing. Kommersant notes a 30% increase in malicious calls in May compared to the same period last year. Vimpelcom also reported that the number of cases of phone fraud has increased significantly since the beginning of March.

This is facilitated by multiple leaks of user data from different services. Databases of customer numbers from pharmacies, delivery services, and other services fall into the hands of attackers. One of the relatively new tools of Internet fraud is the SMS bomber.

SMS bombers

SMS bombers are software that allows mass mailing of messages to a given mobile phone number. Bombing can be used for various purposes, both for aggressive marketing and for spam attacks via SMS.

On GitHub, a search for the target query returns more than 700 results with different ratings and download counts. Here are the top programs in different languages:

1. Python. TheSpeedX/TBomb.

2. Java. jdleo/SMS-BOMBER.

3. PHP. KyxRecon/SMS-BOMBER.PHP.

For people who are completely unfamiliar with code and don't know how to use it, there are ready-made solutions, from specialized sites to Telegram channels.

Why SMS bombing is popular

The popularity of bombing is based on three factors:
  1. Minimal costs. As a rule, owners of bombing services charge a small amount and profit from the number of customers, or earn money from ad impressions.
  2. Relative safety. SMS bombing in its pure form is difficult to qualify as an offense. For individuals, the most serious penalty can be an administrative fine, and then only if the victim applies to law enforcement agencies and the attacker is identified.
  3. Simplicity, both in creating a bomber and in using it as a customer. It is enough to register in the service, choose the duration and other characteristics of the bombing, and enter the victim's number.

A formal "disadvantage" of SMS bombing is its low efficiency: you can protect yourself from it with a primitive block, with one click in the smartphone settings menu.

What are SMS bombers used for?

SMS bombing can be used for different purposes. Most often, this is:
  1. Advertisement. For example, as part of the launch of a new online store, the customer database of a store with a similar theme is purchased, and messages are sent to a "warm audience".
  2. A cyberattack. In this case, the bombing is carried out in order to get the user's data. The messages can be malicious links or notices about an attempt to log in to the user's personal account on a specific resource.
  3. Bullying. For example, one of the neighbors constantly carries out noisy repairs at an unscheduled time, and activists in the neighbors' chat decide to take revenge on him by night bombing with SMS messages.

We can say that SMS bombing is widely used: from harmless practical jokes to deliberate harassment or fraudulent purposes.

SMS bombing and brands

Of particular interest is the use of password recovery forms from different companies for SMS bombing. The script sends a request to restore the password for the victim's phone number, and an SMS code is sent to the victim's phone in response. If the company's website doesn't have a timer set, the script can make dozens of requests in one minute. For example, many users of the Apteka service encountered a similar problem.

Such a spam attack "loads" both the user's smartphone and the company's website. However, at the moment, most organizations are aware of this problem and set limits on sending SMS codes to prevent illegitimate use of a web resource as a spam attack tool.

How do I find out who launched the SMS bomber?

This depends on the skill level of the attacker. If we are talking about a person who takes digital anonymity seriously and does not use ready-made SMS-bombing platforms, then it is almost impossible to identify them.

If bombing is carried out by non-professionals, then the most vulnerable place is the SMS centers that the bomber uses. They work officially and request registration data from their users. The law obliges such services to provide data at the request of law enforcement agencies. In some cases, you can do without a reasoned lawyer's request.

However, the situation may be complicated if the person used fake numbers. Then identifying the attacker will require significant resources, including technical ones.

Ways to protect yourself from SMS bombing

The easiest way to protect yourself from aggressive SMS spam is to turn off your device for a short time. Most bombing services run a bombing session within 20 minutes. Disabling the device for 10-15 minutes will allow you to interrupt the script algorithm.

Another way, more reliable and designed for permanent protection, is to use a service that blocks SMS bombing. Such services can be provided by both communication providers and third-party applications.
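On the company side, the "timer" and sending limits mentioned in the section on brands can be enforced per phone number before any SMS code is sent. The sketch below is an added example, not code from the post or from any service it names; the class name, the limits (60-second cooldown, 5 codes per hour), the in-memory store and the sample numbers are all assumptions.

```python
import time
from collections import defaultdict, deque

class SmsCodeLimiter:
    """Per-number send limits for a form that texts recovery codes (hypothetical helper)."""

    def __init__(self, cooldown=60, max_per_window=5, window=3600, clock=time.monotonic):
        self.cooldown = cooldown              # the "timer": seconds between codes
        self.max_per_window = max_per_window  # cap on codes per rolling window
        self.window = window
        self.clock = clock
        self._sent = defaultdict(deque)       # normalized number -> send times

    @staticmethod
    def normalize(number):
        # "+7 (000) 000-00-01" and "+70000000001" must land in the same bucket
        return "".join(ch for ch in number if ch.isdigit())

    def check(self, number):
        """Return (allowed, retry_after_seconds); records the send when allowed."""
        now = self.clock()
        history = self._sent[self.normalize(number)]
        while history and now - history[0] >= self.window:
            history.popleft()                 # forget sends older than the window
        if history and now - history[-1] < self.cooldown:
            return False, self.cooldown - (now - history[-1])
        if len(history) >= self.max_per_window:
            return False, self.window - (now - history[0])
        history.append(now)
        return True, 0

def replay(requests, **limits):
    """Run (timestamp, number) pairs through a fresh limiter; count codes sent."""
    now = [0]
    limiter = SmsCodeLimiter(clock=lambda: now[0], **limits)
    sent = defaultdict(int)
    for ts, number in sorted(requests):
        now[0] = ts
        if limiter.check(number)[0]:
            sent[limiter.normalize(number)] += 1
    return dict(sent)

# Constructed traffic: a script requesting a code every 2 s for one number
# (alternating formats), plus an ordinary user who retries after 90 s.
CONSTRUCTED = [(i * 2, "+7 (000) 000-00-01" if i % 2 else "+70000000001")
               for i in range(30)] + [(10, "+70000000002"), (100, "+70000000002")]

if __name__ == "__main__":
    print(replay(CONSTRUCTED))
```

A production deployment would keep the counters in a store shared by all web servers and would add per-IP and per-session limits, since the per-number check alone does not stop one client from cycling through many numbers.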