“They know who you are. They know where you work, they may know how much you’re worth,” threat researcher, Willis McDonald told Boston 25 while these texts look legitimate, there are ways to spot the fraud.
Fraudulent text messages are called smishing attacks. McDonald said there are several warning signs to look for.
“For one thing the domain is wrong,” he said.
Multiple requests to reenter information is another red flag.
“They’re selling access to other people. They’re logging into accounts to see, say, how much money you have or get an idea of whether you’re an important person with access to other systems,” McDonald said.
Boston 25 spoke with another threat researcher, who asked that we don’t give his name, who wanted to find out who was behind the fake USPS text his wife fell victim to.
“I was pretty upset that we had to deal with the credit card being stolen, and the fact that they’re texting me now, too,” he said, so he started digging into their site to find vulnerabilities.
He was able to access secure information that was used to run fake websites.
“I was able to use that to crack passwords for those admins, figure out where they were coming from,” he said.
The texts were coming from a group called the Smishing Triad. The fraudsters sell smishing kits online for around $200.
“The scammers themselves were using a lot of different domains.
They’d used over 1100 domain names. So, there’s different URLs in those texts,” he said.
He found more than 400,000 people had entered their credit card numbers.
“There were multiple repeats, because there was 1.2 million data entries. So that’s how many times somebody went in, enter their credit card. Yeah, there’s a lot of credit cards for a lot of people,” he said.
He sent the information to federal investigators and multiple banks.
The United States Postal Inspection Service posted a warning about the fraudulent texts.
“If you never signed up for a USPS tracking request for a specific package, then don’t click the link!”
McDonald said the best way to avoid trouble is to avoid clicking on any links and take immediate action if you think you’re a victim.
“Change your passwords on whatever credentials you put in,” he said.
Consumer advisor Clark Howard said it can seem overwhelming to stay on top of all the fraud but there are ways to protect yourself.
“Freeze your credit files with the major credit bureaus. It’s free. It’ll take you less than 15 minutes to freeze them,” Howard said after that, set up two-factor authentication for every account you have.
“And third, check your accounts at least once a week. If you’re obsessive every single day,” Howard said.
The United States Postal Inspection Service put out a warning about these text messages and how to avoid becoming a victim. You can visit that site here.
This is a developing story. Check back for updates as more information becomes available.
Download the FREE Boston 25 News app for breaking news alerts.
Follow Boston 25 News on Facebook and Twitter. | Watch Boston 25 News NOW
©2024 Cox Media Group
/cloudfront-us-east-1.images.arcpublishing.com/cmg/7QOJU3BNCJERBNKJC5LWTBYFLU.png)
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/cmg/HJWYSI3TBVHHLI4CEHP2JNM4UE.jpeg)
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/cmg/X5BBQHNTFZDZDJZ7HC6JPSSPOU.jpeg)
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/cmg/67TDR5AI2VBWDGWVTUCMBWI76E.jpeg)
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/cmg/43XF2MREV5H6FO4ZOSQBDOQL7E.jpeg)
:quality(70)/cloudfront-us-east-1.images.arcpublishing.com/cmg/3BCRH2EI3JGOJACCFXD555OAWA.jpeg)