Phishing/spam via SMS

Published: 2012-08-22
Last Updated: 2012-08-22 00:35:16 UTC
by Adrien de Beaupre (Version: 1)
6 comment(s)

I have seen one on my own phone, and a lot of people have reported seeing them. It is an SMS mesage from a throw away or spoofed number and looks something like this:

"You have won an Apple iPad or iPhone or iPod or something from Apple, click on this www.apple.com.othercrud.baddomain"

Guess what? You have won your credentials being phished, free malware, and other badness. Ain't nothing for free. Although from the spammer/phisher point of view they get something of value from people who expect something for nothing, for little effort on the part of the spammer/phisher. Funny how that works.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

I will be teaching SANS Sec560 in Montreal this September, and Sec542 in Vancouver this December.

6 comment(s)

Comments

Yeah, I have seen this on my phone too. Luckily my Android's call/text blocking software stopped it.

I don't use the call or text features of my cell phone plan (there are others on the plan who do), and I instead use call and text features of apps available, that way I can still make calls and text even when my carrier is unavailable.

So, I installed call/text blocking software, just in case someone tries to contact me on my non-SIP phone or text me on my non-Internet-texting number.

Of course, I never clicked on that link because I never saw the message.
So I imagine that nothing from my phone was phished?
So I have received this spam on my Irish mobile, just yesterday from a +1 400 200 0352 with a link for http://www.apple.ie.acgiveaway.info.

So they've obviously moved their operations internationally.
I have received these as well in Indiana, US. Are there any security holes on any mobile platform being used to get in the front door or is it just a good old trojan horse get you to install X app/plugin?
Thankfully SMS anti-spam is becoming more std. with providers but it's still a relatively new service in that sector so efficiency is still questionable.
I've seen a number of these claiming to be from ourselves to the customer, any that do get through the existing filters I add the domains to our DNS blackhole list.
I received some SMS spam a month or so ago. Looked like it was coming from a bank with information about my account. Another phone on my plan also received it. One of the numbers wasn't even a valid US phone number (area code did not exist). Haven't seen anything since, yet...
For some reason, the people on prepaid phones I see seem to get way more of these that those who have major US carriers. Not sure if they're doing filtering...

Diary Archives