This morning, I received a very blatant spam text offering me “a little gift” for supposedly paying my phone bill. Normally I’d groan, roll my eyes, and quickly delete such a thing, but there was something different about this particular message: it was spoofed as coming from my own phone number. As best my iPhone could tell, it was a legitimate message from me to myself. Tapping into the sender details took me to my own contact card.
Equally frustrating was that I had no obvious way of reporting the alarming spoof to my carrier, Verizon Wireless. Spoofed calls and texts are nothing new; most people face a constant deluge of spam calls that appear on caller ID as from a number similar to their own. But this was the first time I actually got something from my own number. These scammers keep getting more sophisticated.
Turns out I wasn’t alone. Many customers on Verizon have reported getting similar spam from their respective numbers over the last few days — same for its MVNO Visible — and several Verge employees on other carriers have also encountered them. I posted an Instagram story about it and have gotten plenty of “same” responses. SMS phishing, or “smishing,” has been on the rise in recent years, but there’s something more disconcerting and invasive about it being linked to your own number. It’s all very “the call is coming from inside the house.”
The main reaction on Twitter is confusion and “how?!” Again, this is all spoofing and technological impersonation. It’s trivially easy for spammers to camouflage as any number they choose. My Verizon account is secure, and my number hasn’t been hijacked. If you’ve gotten the same message, there’s no cause for panic. I’d advise against clicking the link included with the message, though I did exactly that for investigative purposes. The link I received forwarded me to the website of Channel One Russia, a state TV network. Others have reported similar results and say they’re redirected to Russian websites when they click the link. I’ve asked Verizon for comment, as many companies are currently on high alert for cyber attacks amid Russia’s invasion of Ukraine.
It often feels like the phone carriers are losing the war against scammers. I don’t envy having to contend with the sheer volume of spam attacks that come across their networks daily, but this is getting out of hand. I’ve noticed an uptick in general SMS spam over the last several weeks. And as Alex Lanstein noted on Twitter, this particular message contains several phrases — “free msg,” “bill is paid,” “gift” — that one assumes would be flagged by Verizon’s spam protection systems. And yet it came through successfully. And since this one showed as coming from me, the text also successfully evaded Apple’s “filter unknown messages” feature.
So what can be done? In addition to offering various measures of spam protection, Verizon and other US carriers encourage customers to forward spam texts to SPAM (7726). Some people might have pause about reporting spam “from” their own number, though. I’ve asked Verizon about what happens in that situation.
If you’re deeply annoyed by any spam texts or calls you receive, you can always file a complaint with the FCC about this stuff, where “my own number is being spoofed” is a sub-issue that can be reported.
Aside from those options, all you can really do is delete the texts and wait for the next scam tactic that seems like it shouldn’t even be possible. Damn you, scammers. Do better, carriers.
from Hacker News https://ift.tt/LsIr7nc
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.