{"id":7074,"date":"2017-03-22T08:10:25","date_gmt":"2017-03-22T16:10:25","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/03\/22\/news-865\/"},"modified":"2017-03-22T08:10:25","modified_gmt":"2017-03-22T16:10:25","slug":"news-865","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/03\/22\/news-865\/","title":{"rendered":"SMS phishing for the masses"},"content":{"rendered":"

Credit to Author: J\u00e9r\u00f4me Segura| Date: Wed, 22 Mar 2017 15:00:27 +0000<\/strong><\/p>\n

Phishing remains one of the top threats that affects both consumers and businesses thanks to ever\u00a0evolving tricks. While ‘classic’ phishing emails remain a problem, they can somewhat be thwarted via spam filters, whereas SMS phishing scams are much more difficult to protect against.<\/p>\n

Case in point, here’s a fraudulent\u00a0text message\u00a0purporting to be from RBC, a Canadian financial institution, which made it through our phone without getting blocked:<\/p>\n

\"\"<\/p>\n

Text message: Activities on your RBC Account is unsual. click\u00a0 http:\/\/www1.royalbank.com.cgi-bin-rbaccess-rbunxcgi.gq to secure<\/em><\/p>\n

If you followed the instructions and visited\u00a0the link, you’d be redirected to a decoy site looking almost exactly like the real one.\u00a0The crooks have designed the template to harvest as many\u00a0credentials as they can (i.e. driver’s license, phone number, all three security questions) in order to gain illegal access to your account:<\/p>\n

Click to view slideshow.<\/a> <\/p>\n

It is pretty scary to think that within minutes you could give crooks all the information they need to perform all sorts of illegal activity on your bank account, as well as perpetrate additional identity theft by impersonating you.<\/p>\n

Checking the IP address where the phishing page resides (166.62.36.128<\/em>), we find another\u00a0phish for Bank Of Montreal (BMO), but also a domain (chatfellow.com<\/em>) used to host the PHP panel of\u00a0an application called “Sendroid”.<\/p>\n

Sendroid is a framework to help you manage your bulk SMS campaigns and in itself is not malicious. Users are required to have a proper SMS provider in order to actually start sending text messages.<\/p>\n

\"\"<\/a><\/p>\n

However, some user comments\u00a0left on Sendroid’s purchase page show how it could be easily abused by spammers:<\/p>\n

\n

\u00a0I have like 4000 contact to send sms to. And my gateway batch size is set to 200. Does this mean that, the sendroid portal will only allow me to send sms to 200 people out of the 4000?<\/p>\n<\/blockquote>\n

That’s a lot of contacts, but who knows… could be a popular guy.<\/p>\n

It would be interesting to know the success rates of such phishing campaigns. Much like regular\u00a0spam, it’s all about volume and even getting a small fraction of marks is enough to make it profitable.<\/p>\n

Please be on the lookout for such fraudulent SMS text messages. The “intimacy” of receiving a message on a phone makes this scheme even more dangerous because we are more likely to have our guards down and fall for it.<\/p>\n

This campaign was reported to RBC and the website has been\u00a0blacklisted.<\/p>\n

The post SMS phishing for the masses<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: J\u00e9r\u00f4me Segura| Date: Wed, 22 Mar 2017 15:00:27 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
This post looks at a recent SMS phishing scam for the RBC bank and a tool the attackers may have used to bulk send fraudulent SMS messages.<\/p>\n

Categories: <\/p>\n