Scammers are getting serious about texting.
In the samples analyzed by Digital Shadows, the scammers masqueraded as major brands including Amazon, USPS, FedEx, Cash App, Netflix, as well as adult entertainment services, unnamed delivery services and payment card or financial services. The SMS messages primarily originated from spoofed U.S. numbers, including 917, 765, 646, 470, 347 or 332 area codes.
The most popular scam has been an SMS message claiming that the victim has an urgent notification about a USPS package, Digital Shadows said.
Like all scams, the bad guys are after personally identifiable information (PII), including full name, email address, physical address, and payment card details. If a victim clicks on the link and is duped into filling out a form, the information is forwarded to the attackers.
But the malicious links often linger only briefly.
“Despite the attack being so widely distributed, analyzing samples of the attack proved challenging,” Digitial Shadows said. “The links circulated to victims only lasted for a couple of hours before becoming inactive or being taken down.”
This is done to prevent forensics on the attacks, the cybersecurity firm explained.
The hackers aren’t just after credit card data. They’re satisfied with full names, email addresses, current location and physical address.
“This type of data can be precious to threat actors, as it can be leveraged to launch targeted cyber attacks in the future, such as spear phishing,” Digital Shadows said.
Personal information, such as the victim’s state, name and contact information, could also be used to aid nation-state actors in disseminating misinformation campaigns aimed at influencing voting, the cybersecurity firm noted.
Digital Shadows also cited texting as a way to distribute ransomware. Fake COVID-19 tracking software has been used to distribute Android ransomware, Digital Shadows said.
In a joint advisory by the U.K.’s National Cyber Security Centre (NCSC) and the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Agency (CISA), the agencies said cyber-criminals use COVID-19 as a “lure” to deploy a variety of ransomware and other malware.
The agencies also said that nation-state actors impersonated government-related agencies in malicious SMS messages pretending to be COVID-19 related news.
“Historically, SMS phishing has often used financial incentives, including government payments and rebates (such as a tax rebate) as part of the lure. Coronavirus-related phishing continues this financial theme, particularly in light of the economic impact of the epidemic and governments’ employment and financial support packages,” the advisory said.
In one of the more credible scams highlighted by the NCSC and CISA, the text message starts with “Urgent” and says the government has “issued a payment to all residents as part of its promise to battle COVID-19.” Then it asks the victim to click on a link to apply.