I had to make a post about these two recent texts that were received. Both are extremely strange in nature. The first here on the right, is a text stating that "We are unable to decline a charge...". What does that even mean? The shear oddity of this text would at least make someone click the link. Maybe that is the point. However, why would I receive a notification if a charge was UNABLE to be declined? Let alone, why would I need to verify this? It does hit on the same vein of text alerts of potential fraudulent charges that you may receive from you bank/card issuer. "[ORGANIZATION]: We are unable to decline a charge, visit [LINK] to verify." The next text that was received was out of this world. First, the sender of this text is outrageously fraudulent. Domain name of "jocemp.website"? I don't think that is in any way legitimate Next, the context of this text is that somehow I got locked out of my Amazon account, my account is suspended, and I need to take action by clicking this link. It is more clever. The login IP is suspect, I live in the West, so why would I be logging in from Turkey? However, the more I read this the more and more it reads like a phishing attempt. Since when does Amazon text you that your account was suspended due to an UNUSUAL login? It would just be an alert if anything. Lastly, the link that is provided is "...buildacool.com...". Red flags.
Bottom line, be vigilant - these phishing attempts are becoming more aware of our legitimate text alerts and are piggybacking off the structure. Best mode of practice is that if you didn't take an action that resulted in this text AND the link/sender looks odd - it is 100% a phishing attempt. "Security Alert: We've suspend your [ORGANIZATION] account due to unusual login. [RANDOM IP]. Our system has suspend your [ORGANIZATION] account for security reasons. To unlock your [ORGANIZATION] account, please verify with link below [LINK]. You need to take action within 2 days before account will be suspended. Regards, [ORGANIZATION] Teams." I honestly haven't received any SMS phishing attempts since February 2022, ~5 months ago. With lack of content phishing attempts I haven't had the chance to add anything to the blog. However, just recently I did receive 2 more phishing attempts. Both of which were within 10 days of each other. Maybe this has something to do with summer travel and people going on vacation? Quite possibly. The first SMS received was another typical delivery confirmation (see below). It was stating that the delivery address was incorrect and that I need to click this link to update my information or else the package will not be delivered. No mention of the carrier (UPS, FedEx, etc.) nor the store (Amazon, Target, etc.). This is immediately flagged as a phishing attempt. "Your delivery address is incorrect and the package cannot be delivered, please update the address information in time at the link. [LINK]" The second SMS received was actually a bit more clever (see below). With people traveling this summer you are more often than not going to receive notifications from your bank or card issuer that your card has been locked due to "suspicious activity" since you may have travelled out of state and made a large purchase. It looks somewhat legitimate, but with it being all caps, strange grammar, and a specific call out to a very popular vendor (Apple) - it immediately raises a red flag for me.
"[BANK]:CARD LOCK DUE TO [MONEY AMOUNT] WAS SUBMITTED TO [COMPANY] NOT YOUR REQUEST? VISIT [LINK] TO CANCEL" Oddly enough, I actually received one last week that was legitimate. A purchase was made out of state and the bank immediately sent a similar text saying that the card was locked. I appreciate the ability of banks to respond quickly, but it assumes the user has trust in the delivery mechanism. Even though I received the legitimate text, I called the bank directly and asked about it. Anymore, if an institution reaches out to me via text - I inquire through a different channel as the possibility for phishing has steadily been rising over the past few years. Besides, with so many accounts being linked to personal phones - there is the risk that any engagement with a fraudulent phish attempt will result in a compromised account.
|
AuthorWelcome to my phishing documentation blog. You can see a running list of attempts HERE. If you experience a fraud attempt please report to the FTC here: LINK Archives
October 2022
Categories
All
|