These scammers are getting more crafty. I have recently noticed attempts purporting to be from Venmo. In these texts they bait you with the allure of a potential $100 gift in exchange for a quick 2 minute survey. I worked in research during my prior career and paying a participant $100 in exchange for 2 minutes of their time is overwhelmingly too good to be true. Additionally, the link they push out is clearly a scammy link. In reality, by you tapping that link, you will not receive the $100 nor will your phone or personal information be safe going forward.
This is a different style. This came through yesterday evening and it is mimicking some of the texts that companies send you to alert you about something regarding your account. Most of the time they are alerts like "You are out of data" or "Your payment has been received". This text takes that similar approach but tries to force you to click a clearly malicious link through the allure of a possible gift. Firstly, my name is not James, secondly I didn't even pay a bill. Please stay vigilant.
I also received two more similar messages, but in this case they are regarding my "bill is processed". First of all that makes no sense, secondly the message purports to be from "AT&T" but they clearly misspelled it as "ATT". Lastly, why would anyone freely give you a gift for paying your bill? Too good to be true.
"AT&T Free Msg: bill is paid. Thanks, [NAME]! Here's a little gift for you: [LINK]"
"(ATT) Latest bill processed! Thank you for your support. Here's a little something for you >> [LINK]"
Talk about bad grammar. Another clear phishing attempt was sent along. This one was interesting in that many of us are incentivized to fill out surveys on our shopping experience and this is typically printed on our receipts. However, we haven't been to Costco recently nor have we ever filled out those receipt surveys. Lastly, the link that is given just screams to be flagged.
"Costco: [NAME], the code [CODE] printed on your receipt from 14 came in 2nd in our iPhone draw: [LINK]"
This attempt I have heard has been fairly common recently. I received 2 of these attempts within 3 hours of each-other. I am located in the Eastern Standard Time zone and any attempt by me to access my Instagram account at 3 AM seems sketchy at best. This is clearly a phishing attempt by someone who is clueless when it comes to time zones. Please watch out for these.
"Tap to get back into your [Software App] account: [LINK]"
I ran through my Messenger app on my Mac and noticed a few texting attempts in the past few months other than those I already posted about. The Amazon attempt must be popular as this is the second time I received one. The USPS one was an interesting attempt.
"Congratulations [Name], you came in 3rd in [Month] Amazon pods raffle! Click the link to : [LINK]"
"USPS: the arranged delivery for the package [String] has been changed. Please confirm here: [LINK]"
This is an interesting attempt. A text was sent to a group of recipients, all number neighbors. Number neighbors are users that have the exact same number as you but the last digit is different by an increment of 1. I imagine that this tactic is utilized to cast a wide net on potentially in-active numbers. This phishing attempt was using a call to action of easy cash for placing stickers on your car by clicking a link. $500 to place a sticker on you car seems too good to be true...that is because it is.
"Hello, would you allow [Product] to put a small sticker on your [Vehicle Options]? Get [Dollar Value] driving with our brand advertisement. Click here to apply [LINK]"
Many of us have been receiving texts such as the one to the right. It utilizes a quick call to action and a sense of urgency with a "raffle" that you won. There have been others such as from UPS that claim to update you on package tracking information.
I received this text, shown on the right, from a random number and decided to do something about it. I am starting this secondary blog on my website to keep a historical record of all of these phishing attempts. This is being done to not only advocate for cyber awareness but also keeping a record of the styles of phishing, how they are worded, what methods they use, the link information, and which SMS phone number they are using.
I am also keeping an up to date tracker to follow these. You can view the tracker HERE.
Phishing text attempt received on 5/2/2021.
Welcome to my phishing documentation blog. You can see a running list of attempts HERE.