Phishing with Text Messaging

February 23rd, 2007 by dk

A friend of mine came and showed me a text message she had received around Valentines day. The message was titled “b my valentine”, followed by a web link to http://69844.cc/wp/md2.aspx?m=someid.

We have obviously heard of mobile worms and viruses, but it made me think around phishing attacks using text messages. The general public are alot more aware of email phishing attacks, but would they expect it to come from a text message? A number of banks provide a text messaging alert service for cash withdrawals etc. Text phishing although more targetted is an interesting attack vector which I haven’t heard of before.

7 Comments so far

  1. David Kierznowski @ February 23rd, 2007

    I got sent a couple links regarding this:
    http://www.itweek.co.uk/vnunet/news/2163586/sms-phishing-attack-seen-wild

    http://www.smstextnews.com/2006/08/smishing_-_sms_.html

  2. JBE @ February 26th, 2007

    I received this same sms onto my UK O2 mobile while roaming - this is the url: http://69844.cc/wp/md2.aspx?m=1rrmmdrdqdj2d
    anyone have any suggestions what i should do with it?! (aside from delete of course)

  3. Whites @ March 2nd, 2007

    Hey, I just got a message like this, but it said ‘Fancy me?’ in a service Text and yes I do receive bank TXT’s giving me my statement.

    Nothing loaded when I opened the attached WebLink, same to what you have stated. My Internet has never worked on my phone anyway, what will the phising do? has it sent away my personal bank numbers etc in the txts or would I have to fill out some sort of online form?!

    Please get back to me with your views, Billy.

  4. david.kierznowski @ March 2nd, 2007

    JBE, Whites, thanks for your contributions.

    I think generally one needs to be cautious today about clicking on any “unknown” link regardless of how it is accessed (via phone or pc). An attacker can compromise your computer via an Internet Browser exploit. For an example and laugh see: http://www.gnucitizen.org/blog/what-happens-to-your-computer-if-you-mispell-googlecom

    Obviously the danger as touched on by Whites, is the fact that the text message may claim to come from a legimate source such as your bank, very nasty.

  5. lee rawlinson @ March 4th, 2007

    what is this message - http://69844.cc/wp/md2aspx?m=1rrmmjjrqd279 the message read - FANCY ME?

  6. gina @ March 8th, 2007

    I recieved a “fancy me” service mess, no link, but wated cred, tried to access online, found you. thought id leave my details, to help public see amount of ppl taken in by lates childish craze!

  7. margy @ March 10th, 2007

    i recieved a ;fancy me; on the 8/3/07 who ever these sick individuals are they need nipping in the bud .i found you and thought i would contact you as this childish behaviour has gone on long enough.

Leave a reply

Recent

Sponsored links