Recently, a co-worker received an enticing SMS message from ASPXPPZUPS Human Resources. It read:
Tired of your old job? Join our team today, work from home and earn $6,200 per month: hire-me-zvcbrvpffy.
.com.
Could it be that our dream job awaits via random text message? On the contrary, this SMS phishing attack could cause nightmares for unsuspecting job hunters.
Don’t quit your day job
In order to investigate this phish further, the first step is browsing to this so-called career-changing website mentioned in the message.
Amazon!? Awesome! Let’s review this exciting position of Prime Agent. Great base salary plus commission! Full healthcare and minimal working hours! Brand new car!? All for a couple of easy job responsibilities you can do from home—Apply now!
Okay, seriously though, if the brand-new car bit doesn’t tip people off that this is a ruse, I don’t know what will.
Gathering information
Knowing this is a ruse, let’s proceed by clicking Apply now anyway.
This is where I’m a little disappointed in the scammers. This could be an opportunity to gather a person’s full resume, with history of work, education, where they live, and a plethora of other information. Instead, they only ask for name, email, and phone number. Lazy. Still, this is enough to send spam emails and even more SMS phishing attacks.
Adding fake information and turning on a network sniffer, I submitted the information.
As a result, the network capture shows the information going to a amz-jobs-careers.
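The same check can be repeated on a saved capture. The following is an added example, not part of the original investigation: it assumes the traffic was exported from the browser as a HAR file, and the hosts landing.example and collector.example and the sample entries are constructed placeholders. It lists form POSTs that leave the site the form was served from, along with the field names that were sent.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Constructed HAR excerpt (not the capture from the article); hosts are placeholders.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET", "url": "https://landing.example/apply",
                 "headers": []}},
    {"request": {"method": "GET", "url": "https://cdn.landing.example/style.css",
                 "headers": [{"name": "Referer", "value": "https://landing.example/apply"}]}},
    {"request": {"method": "POST", "url": "https://collector.example/submit",
                 "headers": [{"name": "Referer", "value": "https://landing.example/apply"}],
                 "postData": {"mimeType": "application/x-www-form-urlencoded",
                              "text": "name=Test+User&email=test%40example.com&phone=5550100"}}},
]}})

def site(host):
    """Crude site key: last two DNS labels (assumption; use a public-suffix list in practice)."""
    return ".".join(host.lower().split(".")[-2:])

def form_fields(post):
    """Return submitted field names from HAR postData (params list or urlencoded text)."""
    if post.get("params"):
        return [p["name"] for p in post["params"]]
    if "urlencoded" in post.get("mimeType", ""):
        return [k for k, _ in parse_qsl(post.get("text", ""), keep_blank_values=True)]
    return []

def cross_site_posts(har_text):
    """List POSTs whose destination site differs from the page that sent them."""
    findings = []
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        if req["method"].upper() != "POST":
            continue
        referer = next((h["value"] for h in req.get("headers", [])
                        if h["name"].lower() == "referer"), "")
        src, dst = urlsplit(referer).hostname or "", urlsplit(req["url"]).hostname or ""
        if src and dst and site(src) != site(dst):
            findings.append({"page": src, "destination": dst,
                             "fields": form_fields(req.get("postData", {}))})
    return findings

if __name__ == "__main__":
    for f in cross_site_posts(SAMPLE_HAR):
        print(f"{f['page']} -> {f['destination']} fields={f['fields']}")
```

A POST with no Referer header is skipped, so a page that sets a strict referrer policy needs the landing host supplied another way.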
To aid in the battle against SMS phishing attacks, our premium version of Malwarebytes for Android alerts users of dangerous links in SMS messages. Furthermore, it also scans phishing URLs when using the Chrome browser, once again alerting on detection.
In case anyone was wondering, I’m fortunate to be in the 51 percent of people happy with their jobs—mainly because I get to protect readers like you! Stay safe out there!