your passport to all things web
Dangerous Texting Scam
Although this one has not been documented in the US, yet, being aware of it may help prevent issues.
You may or may not know that is it very easy to spoof a phone number. There are sites on the internet that will dial any number keyed into the site and have it come up on your phone as any other number that is keyed in. A few years ago, I demonstrated this to a staff member. Basically, you can have the website call a phone number. The called ID might register Holy Spirit Hospital. When you answer, I tell you that someone in your family has been in an accident and you need to get to the Hospital. At that point, I know that your home, office, etc., is likely unattended and you get robbed, or worse.
Bad actors are now using that same technique to scam money via text messages. So, lets say that a CEO gets a text from a staff member requesting a purchase. The text registers as coming from that staff member. The purchase is rather large and should be “licensed” to the company so it is requested that the company make the purchase. The text then provides the link and the purchase is made. The text was bogus and so was the purchase and the funds are now lost. To make this worse, as you can read in the article, if there are already text messages from the the staff member on the cell phone, the request looks 100% legit and may go without properly confirming the request as it came in as part of an ongoing discussion with that staff member.
The moral of the story is trust but verify. If the person receiving the text had verified it with a return text, there would have been no reply and red flags would have been raised.
Do we feel this would happen here? Well, consider this: Verizon sends a text telling you your bill is ready. In the case of the article, it was a young person with no security training. So, better safe that sorry.
Read more about this type of text scam . . .