Text Phish Obtains Two-Factor Credentials – by Ron Benvenisti

I know everyone is busy with their Holiday preparations but I wanted to get this out there before the Holidays set in on Friday: Yes, you can be Phished by text. This one is clever but has the usual tell-tale signs.

On March 28, the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) detected a new SMS-based phishing campaign designed to obtain security PINs associated with mobile carrier accounts when one of their analysts received a text message on her phone instructing her to update her PIN by visiting a URL included in the message.

This particular SMS message masquerades as official correspondence from AT&T, but originates from a suspicious phone number and contains grammatical errors. The URL included in this message, attonline[.]net, was newly registered on March 25 and leads to a phishing page that displays the AT&T logo and provides fields for the victim to enter his or her name, phone number, billing zip code, and current account PIN.

Information submitted through this page will then likely be used by the malicious actor behind the campaign to contact the associated mobile carrier, impersonate the victim, and port the victim’s phone number to a phone or SIM card that is in the actor’s possession. Once the targeted phone number has been successfully ported, the malicious actor can then use it to gain access to any of the victim’s accounts that have SMS-based two-factor authentication (2FA) enabled, such as email, social media, and financial accounts.

Be on the alert for SMS-based phishing attacks and avoid clicking on URLs contained within unexpected and unsolicited text messages. Additionally, never reply to any unsolicited text message that requests personal or sensitive information. If you have questions or concerns regarding your mobile carrier account, we urge you to contact the company directly via their official website or designated customer support number.

Wishing everyone a joyous holiday,

Ron Benvenisti
Principal Security Consultant

This content, and any other content on TLS, may not be republished or reproduced without prior permission from TLS. Copying or reproducing our content is both against the law and against Halacha. To inquire about using our content, including videos or photos, email us at [email protected].

Stay up to date with our news alerts by following us on Twitter, Instagram and Facebook.

**Click here to join over 20,000 receiving our Whatsapp Status updates!**

**Click here to join the official TLS WhatsApp Community!**

Got a news tip? Email us at [email protected], Text 415-857-2667, or WhatsApp 609-661-8668.

1 COMMENT

Comments are closed.