HONOLULU (KHON2) -- Has this happened to you? A text was sent from your phone to one of your contacts, and you didn't send the text or participate in the ensuing conversation?
This happened to local Makiki resident Dan Paul Roberts.
"Last night I was at the movie; and after I'd gotten out of the movie, I realized I needed to send a text to someone," remembered Roberts. "So, I open it; and I'm, like, what are these messages? I didn't write these. You know, like, there's, like, three or four back-and-forths between that person and I, except I did not send them. The phone was in my pocket at that time."
Roberts went on to explain that the text that was sent to his contact was phishing for that person to send their email address.
"The messages were kind of weird and phishing for their email address," added Roberts
This is not unlike the email scam in which someone's email is hacked, and the receiver is diverted to a different email address in their response. However, in this situation, the person Roberts's phone had texted was not diverted to a different number.
KHON2.com reached out to the Better Business Bureau and spoke with Cameron Nakashima. He explained that there a couple of different scams happening. The first, we're more familiar with, Account Takeover Fraud.
This is when a cybercriminal gains unauthorized access to a victim's online account, such as a bank account, email or social media account. Once they have control, they may use the account for various malicious activities, including stealing funds, committing identity theft or spreading malware.
But the scam that Roberts experienced wasn't this. It was what Nakashima referred to as phone hacking, mobile device hacking or phone hijacking.
"This is scam where a phone device is hacked," explained Nakashima. "This type of scam involves unauthorized access to a smartphone or mobile device, allowing the hacker to steal personal information, intercept communications or install malware."
He went on to explain that these methods are used to hack a phone and can include phishing attacks, exploiting vulnerabilities in the phone's software or using malicious apps. In Roberts's case, it was using his phone to get personal information from his personal contacts.
Nakashima provided three tips to help decrease the likelihood of your device or account getting hacked:
- Don’t click links from people you don’t know or have not heard from in a long time. These can contain trojan horse malware that lets hackers take over your device.
- Avoid suspicious store websites and never shop on unsecure sites. You can look up website scams and vet businesses you are unfamiliar with by looking them up on the BBB website.
- Use strong passwords and 2-factor authentication.
Nakashima explained that this is a relatively new scam and that the BBB is still investigating it.
Roberts said he's received many text scams before, but they were from outside his personal phone contacting him for his information.
"This one has never happened to me before," added Roberts.
Roberts said he is thankful no one got scammed in this particular situation but certainly cautions everyone to verify, verify, verify.