Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: SMS Phishing at the SANSFire 2011 Handler Dinner - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
SMS Phishing at the SANSFire 2011 Handler Dinner

After a great "State of the Internet" Panel at SANSFire 2011 with the Internet Storm Center Handlers we began to reflect on Phishing, Spear Phishing, FAKE-AV etc and how this threat is never going away.

In another episode of "Handlers have lives too" we get Phishing and run into strangeness as well. While sitting at our Handler Dinner a Handler Phone buzzed with a text message. Not unusual, but when examined a good gut chuckle rumbled out of the handler (By the way, that handler was me).

The message then got passed around to the rest of the handlers. It was then that Dr Johannes Ullrich, our boss, said "Take a screenshot and post it."

On a serious note, after taking a look at this screen shot, ask yourself, who would fall victim to this? Notice the optout,reply,stop?

One of our sister sites has great information on "Securing the Human OS" and this plays right into that shameless plug [1]. Technology is so pervasive and only going to get more complex.


Richard Porter

--- ISC Handler @ SANSFire 2011


173 Posts
ISC Handler
Jul 19th 2011
Where is the screenshot?

1 Posts
It is on another server so if you have something blocking content from other sites you might not see it.


206 Posts
I fail to see the phish.. to me it looks like the usual instant-credit spam.

41 Posts
I have a co-worker who is receiving lots of SMS spam. He asked me what he can do about it. I can provide suggestions on how to filter email using our anti-spam solution or, in our case, Outlook filters. But I don't know what to do about SMS spam. Any suggestions?
5 Posts
Replying to short code senders with STOP is AT&T's documented response.
They should be held to the Do Not Call list.

21 Posts

Sign Up for Free or Log In to start participating in the conversation!