Security news aggregator

Latest coverage for SMS

SMS is used for login codes and alerts, but text messages can be intercepted, spoofed, or redirected through phone-account attacks.

1 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

SMS (Short Message Service) is a standardized mobile-network service for sending short text messages between phone numbers. It is widely used for person-to-person communication, service notifications, and one-time authentication codes, but messages are generally not end-to-end encrypted and may be visible to mobile operators or infrastructure handling delivery.

Security concerns include smishing—phishing delivered by text—along with sender-ID spoofing, malicious links, and social engineering. Account recovery and SMS-based multi-factor authentication can also be undermined when an attacker takes control of a phone number through SIM swapping, abuses carrier processes, or exploits signaling-system weaknesses. Organizations should avoid treating SMS as a high-assurance authentication factor where stronger options are practical, restrict sensitive content in texts, monitor number-change and authentication events, and train users to verify unexpected messages through a trusted channel.

Showing 1 most recent headlines Filtered view
Krebs on Security 1 year, 6 months ago

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. states.