Local

‘They know who you are’: ‘Smishing’ attack messages hope to empty bank accounts

blogger hipster using in hands gadget mobile phone, woman with backpack pointing finger on blank screen smartphone on background bokeh light in night atmospheric city, mockup street, online wifi internet concept

DAYTON — We all get text messages that look real and are being used as thieves go after taking your personal information.

A warning is being issued about the people behind the fake text messages, impersonating banks, stores, delivery companies, and the government.

News Center 7 Consumer Advisor Clark Howard provides you with the information needed to protect yourself from smishing attacks.

Some people have received text messages from the post office about a delayed package, but the message is anything but legitimate.

[DOWNLOAD: Free WHIO-TV News app for alerts as news breaks]

TRENDING STORIES:

One close glance can show you that the domain is wrong. Threat researcher Willis McDonald said looking at the domain is the best way to spot fraud. Another red flag is the multiple requests to enter your information even after they’ve received the information.

They’re selling access to other people. They’re logging into accounts to see how much money you have or get an idea of whether you’re an important person with access to other systems.

A threat researcher was pretty upset after having to deal with their credit card being stolen, and the fact that they were texting them, too.

The researcher said his wife fell victim to one of the texts. That researcher started digging into their site and did some vulnerability research on their site.

He was able to access secure information they were using to run their fake website.

“I was able to use that to crack passwords for those admins and figure out where they were coming from,” he said.

They were coming from a group called the Smishing Triad. The fraudsters sell smishing kits online for a couple of hundred dollars.

“The scammers themselves were using a lot of different domains. They’d used over 100 domain names, so there’s different URLs in those texts,” he said.

The researcher found more than 400,000 people had entered their credit card numbers.

“There were multiple repeats because there were 1.2 million data entries. So, that’s how many times somebody went in, entered their credit card,” he said.

The researcher sent that information to federal investigators and multiple banks. Eventually, he connected with the owner of the kit and posed as a student interested in developing his own.

He said, “It was interesting to talk with somebody because he’s probably around my age and he’s out there creating this stuff. And even though it’s very poorly designed and developed, it’s still making a lot of money off of it.”

This is why you should never click on those text links and report fraud right away to keep your accounts from being emptied.

Change your passwords on whatever credentials you put in. If you’ve used them elsewhere, change them also. A lot of people will use the same password, same username, which really becomes a pain if your credentials get compromised.

Clark Howard said there are some simple steps you can take to protect yourself. First, freeze your credit files with the major credit bureaus. It’s free and will take you less than 15 minutes to freeze them.

Second, set up two-factor authentication for your accounts where you have a second layer of protection from somebody stealing your money. And, third, check your accounts at least once a week.

The United States Postal Inspection Service put out a warning about these text messages and how to avoid becoming a victim. Find that information here!

[SIGN UP: WHIO-TV Daily Headlines Newsletter]


0