If you’re a T-Mobile customer, then you want to be on the lookout for a new SMS phishing attack that is making its rounds. This is according to an alert by the NJCCIC in which they are warning that a new phishing attack has been discovered in the wild that are targeting T-Mobile customers specifically.
According to the report:
“Similar to a recent SMiShing campaign targeting Verizon Wireless customers, the message thanks the recipient for paying their bill and includes a malicious link to accept a free gift. The message, however, is sent via group text that includes a number of random recipients and was sent to the targets dozens of times over the course of three days.”
For those who are unfamiliar, phishing attacks are when users receive a link in an email or an SMS or a message asking them to click on a link. Usually these messages are made to seem like they come from a company, like your bank, for instance. Sometimes they might warn users that their accounts are compromised (the irony) and provide a link to reset their password.
Users are then taken to a website designed to look like the company’s website, but when you enter your credentials, those credentials are instead sent to someone else who might then try to use it to log into your accounts.
What makes this particular T-Mobile phishing attack so annoying is that it appears that it cannot be blocked. This means that until T-Mobile can figure something out, your best bet when you receive these types of messages is to either ignore it or go to the website directly without clicking on the provided link.
Source: Bleeping Computer