So, over the past week, I’ve received two quite interesting SMS phishing messages (also known as Smishing).

I thought it would be worthwhile going through what I found as a result of the attempts to get my payment details, in the hope someone reads this and thinks twice about clicking unsolicited links.


It happened like this:

1. The Smish

I received the above text message from a fake contact called ‘Info’. There was no number behind the contact, so it was immediately suspicious.

I’m also not an O2 customer, which helps…

Not wanting to click the link without first checking where it took me, I put the Bitly link into a link expander, and then ran it through VirusTotal. The results showed up as ‘clear’ of any viruses, as you can see below:

So, I decided to go on a bit of a fact-finding adventure. I went over to the malicious site, curious about what it would ask me about…

Notice it is served over HTTP (not secure), as apparently, even scammers find encryption hard! 🤐

So, first of all, they were asking for my “O2” login details. I input random nonsense into both the username and password fields, and lo and behold, I was ‘logged in’. Clearly, just a credential harvesting page. But, the next page got a bit more interesting…

Of course, the original message told me there was a problem with my bill, so it makes sense if I sign into my account, I’d be presented with a page to update my account details?

Again, I input completely random numbers and letters (there was no field validation, so it wasn’t checking the card numbers were valid etc.). Once done, I was shown a loading screen:

And after a short time (about 5 seconds), I was re-directed to the official O2 website:

I decided to take some action on the Bitly link, so I reported it to Bitly.

After about 26 hours (yeah, it wasn’t speedy!) I got the below message when I tried to visit again:

2. The Smish, MKII

A few days after the O2 message, I received a fresh message from ‘WhatsApp’. This one is even less convincing, given that I don’t pay for WhatsApp, but anyway, I decided to go through the same process to see what would happen this time.

This time, after checking the link wasn’t a virus etc., I was taken to a page (lazily, the domain was ‘O2bll.com’), which was designed to look like a WhatsApp page. It didn’t ask me to ‘log in’ this time, but did ask me for some personal details:

So again, after inputting some random letters and numbers into each field, I was presented with the Step 2 page:

Makes sense I suppose. If my ‘subscription’ to WhatsApp had run out, and I needed to pay more money, of course they’d need my card details AND bank account and sort code? So, more random text and onto Step 3:

Arg, no, a Security question! This lot take security seriously. Not to worry, apparently they accept a passport number of ‘Edward Snowden’, so that’s a legit security process! 🤩

So, after all that, my details were ‘checked’ and verified, and I was this time re-directed to the official WhatsApp page.
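
The warning signs from both walkthroughs (a shortened link, a page served over plain HTTP, and a domain that doesn't belong to the brand named in the message) can be checked mechanically once a link has been expanded. The following is an added example, not code from the original post; the brand-to-domain allow-list, the shortener list and the sample Bitly URL and path are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list of official domains per brand (not from the original post).
OFFICIAL_DOMAINS = {"o2": {"o2.co.uk"}, "whatsapp": {"whatsapp.com"}}
# Assumed, non-exhaustive list of link shorteners.
SHORTENERS = {"bit.ly", "bitly.com", "tinyurl.com", "t.co"}


def host_of(url):
    """Lower-cased hostname, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def belongs_to(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)


def triage(claimed_brand, sms_url, expanded_url):
    """Return the warning signs for a link received by SMS.

    sms_url is the link as it appeared in the message; expanded_url is
    what a link expander reported as its destination.
    """
    flags = []
    if any(belongs_to(host_of(sms_url), s) for s in SHORTENERS):
        flags.append("shortened-link")
    if urlsplit(expanded_url).scheme.lower() != "https":
        flags.append("no-https")
    host = host_of(expanded_url)
    official = OFFICIAL_DOMAINS.get(claimed_brand.lower(), set())
    if not any(belongs_to(host, d) for d in official):
        flags.append("domain-not-official")
        # A brand name inside a non-official host is a lookalike signal;
        # this substring match is a heuristic and can over-report.
        for brand in OFFICIAL_DOMAINS:
            if brand in host:
                flags.append("lookalike-of-" + brand)
    return flags


if __name__ == "__main__":
    # Constructed sample: a 'WhatsApp' message landing on the O2-style domain.
    print(triage("WhatsApp", "https://bit.ly/EXAMPLE", "http://o2bll.com/step1"))
```

An empty list only means none of these three signs fired; it does not mean the link is safe, in the same way the VirusTotal result above came back ‘clear’ for a credential harvesting page.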


So why this post about Smishing?

You are probably thinking, so what? Not a big deal, the messages and the pages that followed were clearly suspicious? Right?

Well, wrong. It might be obvious to the tech and security savvy followers of my posts, but to some members of Joe Public, those who don’t know/care/think about scams, this will catch them out!

I’ve since reported both messages and pages to Action Fraud, O2, WhatsApp, and Bitly, so that at the very least, the links can be blocked, and others won’t be so easily fooled. However, as we all know, for each link blocked, there will be another 50+ created!

The most effective way to stop this kind of scam is to speak to people we know who are vulnerable, less aware, or just someone we think is likely to take the text messages at face value. We all know someone (usually an older family member), so it’s worth just mentioning what can happen, detailing the process above, and putting it on their radar as being a scam. Then, just maybe, we’ll stop someone else falling victim to these primitive, but clearly worthwhile, scams.
