One of the growing trends in the market is to scam people and steal information from them in ways you would have never thought was possible. One of those hundreds of ways to steal data is a method known as SMS phishing. This is a way in which users receive a simple-looking SMS which is malware in disguise. Now, there is no problem in receiving an SMS but the problem starts when a user interacts with the message.
Basically, this technique involves sending a link to a malicious website in the SMS which the unsuspecting users would click and these websites are such that malware is installed as soon as the website loads and you have no clue about it. Also, this technique can be a way for attackers to know that the person they are sending this SMS to is active or not. However, the method in which malware gets installed without notice is quite dangerous.
New research done by IBM’s security team on this phishing scams revealed that “the file on the distributing domain and looked into some obfuscated malicious PowerShell scripts that led us to additional Emotet-serving domains,”. This method was also found in the Trickbot malware which is available online and is part of an obfuscation technique. So the possibility that there could be a link between these two methods can’t be ignored.
The technique of phishing is similar to phishing with the help of emails as well as phishing via voice. However, attackers have noted that the rate of penetration in phishing via SMS is higher than other methods which is why they rely on this method.
If you receive a similar message saying that it is from your bank, make sure that the domain is a trusted one by searching for your bank’s website on the internet. If you find something suspicious, don’t open the link at all.