ATLANTA — Text messages impersonating banks, stores, delivery companies, and government agencies have one goal: to empty your bank accounts.
“They know who you are. They know where you work. They may know how much you’re worth,” threat researcher Willis McDonald told Channel 2 Action News.
While these texts look legitimate there are ways to spot the fraud.
Fraudulent text messages are called smishing attacks. McDonald said there are several warning signs to look for.
“For one thing the domain is wrong,” he said.
Multiple requests to reenter information is another red flag.
“They’re selling access to other people. They’re logging into accounts to see how much money you have or get an idea of whether you’re an important person with access to other systems,” McDonald said.
Channel 2 Action News spoke with another threat researcher who asked that we don’t give his name, who wanted to find out who was behind the fake USPS text his wife fell victim to.
“I was pretty upset that we had to deal with the credit card being stolen, and the fact that they’re texting me now, too,” he told Channel 2 Action News.
TRENDING STORIES:
- 24-year-old woman dead in wrong-way crash on GA 400 near Buckhead
- $2 million Powerball ticket sold in metro Atlanta
- Braves centerfielder Michael Harris II ties the knot with his longtime girlfriend
He started digging into their site to find vulnerabilities. He was able to access secure information being used to run the fake websites.
“I was able to use that to crack passwords for those admins, figure out where they were coming from,” he said.
The texts were coming from a group called the Smishing Triad. The fraudsters sell smishing kits online for around $200.
“The scammers themselves were using a lot of different domains. They’d used over 1,100 domain names. So, there’s different URLs in those texts,” he said.
He found more than 400,000 people had entered their credit card numbers.
“There were multiple repeats because there were 1.2 million data entries. So that’s how many times somebody went in, and entered their credit card. Yeah, there’s a lot of credit cards for a lot of people,” he said.
He sent the information to federal investigators and multiple banks.
The United States Postal Inspection Service posted a warning about the fraudulent texts.
“If you never signed up for a USPS tracking request for a specific package, then don’t click the link!”
Eventually, he connected with the owner of the kit who told him he was a student in China.
“It was interesting to talk with somebody because he’s probably around my age, and he’s out there creating this stuff. And even though it’s very poorly designed and, developed by, it’s still making a lot of money off it,” he said.
McDonald said the best way to avoid trouble is to avoid clicking on any links and take immediate action if you think you’re a victim.
“Change your passwords on whatever credentials you put in,” he said.
Channel 2 consumer adviser Clark Howard said it can seem overwhelming to stay on top of all the fraud but there are ways to protect yourself.
“Freeze your credit files with the major credit bureaus. It’s free. It’ll take you less than 15 minutes to freeze them,” Howard said.
After that, Howard said to set up two-factor authentication for every account you have.
“And third, check your accounts at least once a week. If you’re obsessive every single day,” Howard said.
©2024 Cox Media Group
