It always pays to be cautious where unsolicited text messages are concerned, as conniving phishers don’t always stick to the tried and tested route of email scams. For example, here’s two random texts sent out to one of our burner phones:
The targets here are customers of Bank of America and Wells Fargo. The messages read as follows:
BofA customer your account has been disabled!!!
Please read this readmybank0famerica.cipmsg-importantnewalertt(dot)com
I think I’d probably be faintly worried if my otherwise sober and businesslike bank started sending out messages with more than two exclamation marks in a sentence, but even without that, observant recipients would notice they also added an extra “t” onto the end of “alert”.
The other message reads as follows:
(wells fargo) important message from security department! Login
The above URL redirects clickers to the below website:
The phishers want a big slice of personal information, including name, DOB, driving license, social security number, mother’s maiden name, address, city, zipcode, card information, ATM PIN number, and even an email address.
All this, from a simple text.
SMS phishing is not new, but it does snag a lot of victims. Random messages from your “bank” asking you to visit a link should be treated with suspicion, especially if those links ask you to login. Banks are certainly not the only target of SMS phishers, but they’re one of the more valuable bullseye for scammers to sink their teeth into. Whether receiving messages by email, text, or phone, your logins are only as safe as you make them – don’t make it easy for bank phishers and delete that spam.
Christopher Boyd (Thanks to Dana)