SMS scammers are posing as Verizon Wireless and sending text messages telling recipients to click a link to validate their account security, according to Chris Hoffman at How-To Geek. Hoffman emphasizes that the phishing scam is “shockingly convincing.” The texts don’t contain any typos and look just like something you would receive from your phone company.
The text messages contain a link to “vwireless[.]xyz” which leads to a very convincingly spoofed version of Verizon’s website. The fake login page on this site tries to trick victims into entering their phone number or user ID and their password. Once they’ve done this, the user will be taken to another form and asked to enter full name and address. After this, they’ll be redirected to Verizon’s real site.
All of this information is useful for attackers, particularly the login credentials, although it’s unknown what exactly the end goal was in this case.
“What’s the game?” Hoffman asks. “We didn’t provide real Verizon account details, so we can’t say for sure. The scammer will probably try to take over your Verizon account, order smartphones on credit, and stick you with the bill. That’s a common scam these days, as we discovered when we talked to fake job recruiters. The scammer could also use your information to execute a phone port-out scam, stealing your phone number and using it to bypass two-step verification on your accounts. If you’ve encountered this scam and given your personal details to the phishing website, you should contact Verizon immediately.”
It’s worth emphasizing that the phishing site in this case looks exactly like Verizon’s real login portal, and the URL is close enough that many people would assume it was legitimate. That’s increasingly common: fraudsters are making better use of professional-looking graphics than before. New-school security awareness training can teach your employees to instinctively treat unsolicited emails, text messages, and phone calls with suspicion, even if there are no readily apparent warning signs.
How-To Geek has the story: https://www.howtogeek.com/657333/watch-out-this-verizon-smishing-scam-is-crazy-realistic/
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
