Sending bulk SMSes is the new trick attackers are leveraging to harass mobile phone users, making them victims of what is known as ‘SMS Bombing’. In this particular instance, hackers sent several messages and one-time passwords (OTPs), and make OTP calls in a short span of time from famous Indian food delivery platforms like Zomato, Licious, Zepto, etc., and other websites, including ByjusSupport, Flipkart, and Apollo, among others. Users complained to the Indian cyber cell against receiving bulk SMSes and other communications from similar apps. Some users were found to have also received over a hundred messages a day.
Freeware is one of the apps used to create bulk SMS, and other apps used for SMS bombing were SMSBomber, BombItUp, and TXTBlast.
Cyber expert Sourajeet Majumder told The Financial Express that often, these websites use vulnerable API points of other legitimate firms that send OTPs and other communications to users related to their login, password reset, order, etc.
He continued, “Attackers exploit these APIs by making GET/POST requests with their scripts which in turn automates the sending of messages and helps them to perform SMS bombing attacks,” adding that accessing such tools was easy and only required entering the phone number and the number of messages to be sent to the victim.
Legal experts maintain that using such maneuvers constitutes harassment. A user can lodge a complaint against such incidents to stop the crime. It was found that SMS bombing penetrates the Indian ‘Do Not Disturb’ service (DND) that blocked unwanted telemarketing calls or messages. Moreover, bombarding a phone with multiple messages despite activating the DND service was a criminal act of theft under the Indian Penal Code Sections 378 and 420, stated Satya Mulay, a lawyer at the Bombay High Court.
It was evaluated that allowing a hundred spam messages was safer than losing a legitimate one. This has further emphasized the need for more sophisticated security measures used by developers and companies to combat spammers, hackers, and online criminals that evolve with technology.