Phishing SMS – A failed attempt

Just about an hour ago I received an text from one of my mentors. Excited, I read but I know him very well and knew it wasn’t him.

The phishing text :

It’s possible to do 10 k in 10 day.

hxxp://www.prosperity-today.com

I texted him directly with a new message rather than responding the message and verified that it was indeed phishing.

1. The message had no phone number associated.

2. Looking at the details of the name – the sender – they were empty. Normally, if a contact on you address book sends a message you can see their serials stored on your phone.

Possible motives :

1. By sending an text an attacker can verify that number exist or not via a delivery notification.

2. If someone responds – response in this case is not feasible as it has no return number – than attacker can continue with social engineering attack.

3. Likely I was targeted and attacker was trying to deceive me to click on the link and get the some results back to him/her.

Will be analysing the link to understand if it has any embedded and/or crafted scripts that are targeting mobile phones. This may be attempt to exploit Quadroot set of vulnerabilities on Android.

Leave a Reply

%d bloggers like this: