The number of SMS phishing attacks is on the rise. Over the past year, ProofPoint researchers recorded a 312% increase in SMS scams worldwide. Among the most common scams are parcel delivery scams. This type of trap, which spread massively in France during the winter, involves: impersonate a delivery service, such as the post office, in order to extract money or data from users.
A new wave of SMS phishing
According to researchers at Palo Alto Networks, a new wave of SMS scams is brewing. In a report published in early March, experts indicate that they have noted that a cybercriminal has "registered more than 10,000 domains for various scams" SMS phishing.
These domain names are designed to impersonate "parcel delivery services" or "toll services", for American services in this case. These domain names are designed to redirect Internet users to phishing platforms, which replicate the design and interface of the official delivery service websites. According to Palo Alto Networks, these fraudulent sites will be inserted into malicious SMS messages that will attempt to trap users.
Among the entities are postal services or private carriers, such as UPS, DHL, or FedEx. Cybercriminals are therefore preparing a new wave of package delivery scams. By posing as a carrier, hackers will claim that a package could not be delivered to the target's home. This announcement will attract the victim's curiosity.
Hackers manipulate iMessage
The report specifies that hackers are using a flaw in iMessage to bypass Apple's security mechanisms. Indeed, iMessage automatically blocks links in messages sent from unknown senders. This protection prevents users from accessing potentially malicious links. To fool Apple, the messages attempt to encourage targets to Reply by typing the letter Y, which will automatically disable restrictions against fraudulent links.
For now, the campaign is only targeting Canadian and American users. However, we recommend you be wary of any text messages from an unknown sender. If you have any doubts, do not reply to the message and contact the company via its official phone number or email address.
0 Comments