Mobile Menace Monday: SMS phishing attacks target the job market
Cybercrime | News

Mobile Menace Monday: SMS phishing attacks target the job market

Posted: September 24, 2018 by Nathan Collier

Recently, a co-worker received an enticing SMS message from ASPXPPZUPS Human Resources. It read:

Tired of your old job? Join our team today, work from home and earn $6,200 per month: hire-me-zvcbrvpffy..com.  

Could it be that our dream job awaits via random text message? On the contrary, this SMS phishing attack could cause nightmares for unsuspecting job hunters.

Don’t quit your day job

In order to investigate this phish further, the first step is browsing to this so-called career-changing website mentioned in the message.

Amazon!? Awesome! Let’s review this exciting position of Prime Agent. Great base salary plus commission! Full healthcare and minimal working hours! Brand new car!? All for a couple of easy job responsibilities you can do from home—Apply now!

Okay, seriously though, if the brand-new car bit doesn’t tip people off this is a ruse, I don’t know what will.

Gathering information

Knowing this is a ruse, let’s proceed forward by clicking Apply now regardless.

This is where I’m a little disappointed in the scammers. This could be an opportunity to gather a person’s full resume, with history of work, education, where they live, and a plethora of other information. Instead, they only ask for name, email, and phone number. Lazy. Still, this is enough to send spam emails and even more SMS phishing attacks.

Adding fake information and turning on a network sniffer, I submitted the information.

As a result, the network capture shows the information going to a amz-jobs-careers./apply.php. After hitting Submit Details, it redirects to amazon.com to make things look legitimate.

Job hunters beware

Many studies have shown that in America, many people are unhappy with their current jobs. For example, the Conference Board conducted a 2018 

To aid in the battle against SMS phishing attacks, our premium version of Malwarebytes for Android alerts users of dangerous links in SMS messages. Furthermore, our it also scans phishing URLs when using the Chrome browser, once again alerting on detection.

In case anyone was wondering, I’m fortunate to be in the 51 percent of people happy with their jobs—mainly because I get to protect readers like you! Stay safe out there!

RELATED ARTICLES

leaking bucket in the cloud
News | Privacy

4.8 million healthcare records left freely accessible

December 13, 2024 - Care1, a Canadian healthcare solutions provider left a cloud storage instance freely accessible and unencrypted for anyone to find.

CONTINUE READING 0 Comments
patched Apple
Apple | News

Update now! Apple releases new security patches for vulnerabilities in iPhones, Macs, and more

December 12, 2024 - Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS.

CONTINUE READING 0 Comments
data brokers have lots of location data
News | Privacy

Data brokers should stop trading health and location data, new bill proposes

December 12, 2024 - Senators introduced a bill to stop data brokers from trading in health and location data and enable the FTC to enforce the new rules

CONTINUE READING 0 Comments
TikTok logo
News | Privacy

TikTok ban in US: Company seeks emergency injunction to prevent it

December 10, 2024 - TikTok has requested an emergency injunction to stop or postpone the planned ban on the platform in the US.

CONTINUE READING 0 Comments
Matrix encrypted messaging service seized
News | Privacy

Encrypted messaging service intercepted, 2.3 million messages read by law enforcement

December 9, 2024 - Authorities were able to intercept the Matrix messaging service’s traffic and monitor criminal activity for three months.

CONTINUE READING 0 Comments

ABOUT THE AUTHOR

Nathan Collier

Nathan Collier

Full time mobile malware researcher, part time endurance athlete and world traveler. As nerdy about traveling as he is about mobile malware.

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams