I honestly haven't received any SMS phishing attempts since February 2022, ~5 months ago. With lack of content phishing attempts I haven't had the chance to add anything to the blog. However, just recently I did receive 2 more phishing attempts. Both of which were within 10 days of each other. Maybe this has something to do with summer travel and people going on vacation? Quite possibly.
The first SMS received was another typical delivery confirmation (see below). It was stating that the delivery address was incorrect and that I need to click this link to update my information or else the package will not be delivered. No mention of the carrier (UPS, FedEx, etc.) nor the store (Amazon, Target, etc.). This is immediately flagged as a phishing attempt.
"Your delivery address is incorrect and the package cannot be delivered, please update the address information in time at the link. [LINK]"
The second SMS received was actually a bit more clever (see below). With people traveling this summer you are more often than not going to receive notifications from your bank or card issuer that your card has been locked due to "suspicious activity" since you may have travelled out of state and made a large purchase. It looks somewhat legitimate, but with it being all caps, strange grammar, and a specific call out to a very popular vendor (Apple) - it immediately raises a red flag for me.
"[BANK]:CARD LOCK DUE TO [MONEY AMOUNT] WAS SUBMITTED TO [COMPANY] NOT YOUR REQUEST? VISIT [LINK] TO CANCEL"
Oddly enough, I actually received one last week that was legitimate. A purchase was made out of state and the bank immediately sent a similar text saying that the card was locked. I appreciate the ability of banks to respond quickly, but it assumes the user has trust in the delivery mechanism. Even though I received the legitimate text, I called the bank directly and asked about it. Anymore, if an institution reaches out to me via text - I inquire through a different channel as the possibility for phishing has steadily been rising over the past few years. Besides, with so many accounts being linked to personal phones - there is the risk that any engagement with a fraudulent phish attempt will result in a compromised account.
Welcome to my phishing documentation blog. You can see a running list of attempts HERE.