News and events Own Your Online External Link Report an incident
News and events Own Your Online External Link
  1. Welcome to CERT NZ
  2. Insights and research
  3. Quarterly reports
  4. Quarter Two Cyber Security Insights 2024
  5. Insight: Beyond SMS

Insight: Beyond SMS

The technology behind text messaging is constantly changing and the bad guys are keeping up. Scammers sending out phishing texts are harnessing the new features of modern messaging platforms like Rich Communication Services (RCS) and iMessage.

Graphic showing the evolution of phones including a bulky yellow handset with an antenna on the laft through to a smartphone on the right

Rich Communication Services is a feature that uses your phone’s messaging app to send messages that are visually enticing and interactive. The technology is available on most smartphones on the market today and can be used to send messages over most mobile phone networks.

RCS lets you send emojis and GIFs, react to messages, see when the other person is typing or has seen your messages, and share media and location. It also allows group texting. In short, you can do everything you can on a messaging app like WhatsApp without installing any third-party application. 

iMessage, Apple’s native messaging app, also lets you send interactive messages over Wi-Fi networks to other Apple devices. It allows users to send a message that displays an email ID in the sender field instead of a phone number.  Messages between Apple and other devices are sent as traditional SMS texts but with Apple expected to incorporate RCS soon, you will be able to send interactive messages and share files on all phones. 

What’s not to like? 

While RCS makes the average user’s texting experience richer, scammers can use these platforms to embed brand logos, attach forms and documents, buttons and link previews. The texts can look convincing and increase the risk of impulsive actions. 

RCS messages can be sent over the internet even when there’s no cellular network. A scammer can send hundreds or thousands of texts and it won’t cost them a cent.  There are no additional charges for sending international messages or for roaming.  

According to the Department of Internal Affairs (DIA), RCS and iMessages are not visible over the mobile network, so NZ telecommunication providers cannot monitor them in the same way they can with SMS messages. This causes issues when it comes to combating RCS and iMessage phishing attacks.

New Zealand spam law External Link

Spot a phishing text

No matter the technology used, the intent of phishing texts messages remains the same – to steal your information and money. RCS texts reported to CERT NZ include texts about missed parcels, pending road toll and texts with fake invoices.  You can identify a phishing text from these telltale signs. 

Illustrative graphic of mobile phone with red flags on the screen

  • You receive a message unexpectedly.
  • The message is from an international number, or an email address.  
  • The sender creates a sense of urgency. 
  • The sender asks you to click on a link or to download an attachment 
  • The sender asks you for personal information.  

 

Advice from the DIA

If you receive a scam message via RCS or iMessage, take the same action you would with an SMS message: 

  • Ignore the message and don't click any links.  
  • Forward the message for free to DIA’s 7726 spam reporting service and follow all the prompts.   
  • If the message came to your text message inbox from an email address you can still report this to 7726. When asked for the sender's phone number, enter the email address instead.