There has been much information and disinformation shared about the USPS SMishing Attack. It’s been linked to kidnapping, QAnon, and misidentified as spam. In fact, this SMishing attack is a fast-moving, constantly changing credential stealing, social engineering phishing campaign.
SlashNext Labs first saw this SMishing attack and have blacklisted it since May 2020. However, our research shows this SMishing attack has many variations than the one revealed by Eric Ellason on Twitter, as mentioned in The Verge last week.
These SMishing attempts have been served to hundreds of thousands of mobile phones since it was first blocked by SlashNext in May. Reports of this SMishing attack has been reported from Palo Alto, CA, to Boston, MA. Once the link is clicked, it redirects to a landing page with surveys, log-in credentials, give-aways, and the link becomes dead immediately after clicking.
Here are a few examples:
This example is disguised to look like a visual voicemail message, and it’s personalized. The URL redirects to hxxp://rewardsprograms.daooftoday.com, and once the URL was clicked and blocked, the link is deactivated, and access to the phishing page is no longer accessible.
The next example is relatively similar. It is personalized, but it has a FedEx header, and the URL is different hxxp://dealsly.club. If you look closely, the attackers are a little lazy because the “fake” survey feedback to convince you the site is legit, has the same people and comments but different dates.
SMishing is much more dangerous than traditional email phishing because many users believe they’re protected by these fast-moving attacks, but most are not. Additionally, many users receive legitimate text messages from USPS, FedEx, and UPS about shipment status, which is why this SMishing attack has been very successful. If your users are not protected, credentials can be stolen, or backdoors can be created, leading to account takeovers and breaches.
The advanced SMishing protection feature in SlashNext’s Mobile Phishing Protection and Browser Phishing protection did block these attacks. These products are purpose-built to protect users on social media, SMS, and collaboration platforms by detecting credential stealing, rogue browser extensions, without compromise. Our fast, real-time phishing protection is a lightweight, cloud-powered app that protects iOS and Android users with no user experience degradation and does not transmit personal data. SlashNext’s Mobile Phishing Protection service is easily deployed and managed with leading UEM solutions or SlashNext’s Endpoint Management System.
Watch a demo video and request a free trial today
*** This is a Security Bloggers Network syndicated blog from SlashNext authored by Lisa O'Reilly. Read the original post at: https://www.slashnext.com/blog/smishing-attacks-masquerading-as-usps-and-fedex/
Penetration testing, or pen testing for short, is a critical way to protect IT systems and sensitive data from malicious…
Virtual private networks (VPNs) form a staple of the modern work environment. VPNs provide an essential layer of protection for…
Cradlepoint, a unit of Ericsson, today launched a secure access service edge (SASE) platform for branch offices using 5G wireless…
Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results…
What is the CCPA, the California Consumer Privacy Act? CCPA, or the California Consumer Privacy Act, is a law in…
Authors/Presenters: *Federico Cernera, Massimo La Morgia, Alessandro Mei, and Francesco Sassi* Many thanks to USENIX for publishing their outstanding USENIX…