Skip to main content

T-Mobile sounds the alarm over unblockable SMS phishing attacks

Mobile network operator T-Mobile has warned its users of an unblockable smishing campaign that aims to steal their personal information and passwords, or install malware.

According to a BleepingComputer report, T-Mobile warned its users after the company was itself alerted by the New Jersey Cybersecurity / Communications Integration Cell (NJCCIC), an arm of the Office of Homeland Security and Preparedness working on cybersecurity threat analysis and incident reporting. 

The NJCCIC was approached by “multiple” customers, who had received group SMS messages pretending to be from T-Mobile. The message thanked the recipient for paying their bills on time and offered a free “gift”, to be claimed via the web link provided.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Group messages cannot be blocked

When clicked, the link redirects the user to a malicious website that aims to “steal account credentials or personal information, or install malware".

The group message was sent to numerous numbers, at random, the NJCCIC says, with the victims being targeted “dozens of times” over the span of three days. Given that these are group texts, the victims were unable to block the attacker.

The NJCCIC speculates that the smishing campaign was likely made possible due to previous data breaches affecting the mobile carrier and millions of its users. 

BleepingComputer reminds that, in the past four years, T-Mobile has disclosed a total of seven data breaches.

In 2018, data belonging to 3% of the company’s customers was accessed. And a year later, T-Mobile exposed the data belonging to some of its pre-paid customers.

In 2020, meanwhile, T-Mobile employees' email accounts were compromised, and phone numbers and call records were accessed by unauthorized third parties.

Last year wasn't devoid of incident, either, with a threat actor compromising T-Mobile’s network through its testing environment, and using the stolen information to launch SIM swap attacks.

As usual, cybersecurity experts are urging people to deploy multi-factor authentication and security keys, and not to click on links in emails and SMS from unfamiliar senders.

Via BleepingComputer



Source: TechRadar

Popular posts from this blog

iOS 14 Favorites Widget: How to Make a Replacement With Shortcuts

In iOS 14 , Apple overhauled widgets and introduced an option for adding ‌widgets‌ to the Home Screen , but in the process, a well-loved Favorites widget that existed in iOS 13 was removed. The Favorites widget let users set certain contacts and contact methods as favorites that were easily accessible, so you could, for example, add a favorite option for messaging Eric or calling Dan, with those actions executed with a tap. Why the Favorites widget was removed is a mystery and it could be a simple oversight with Apple planning to reintroduce it later, but for now, those who relied on the widget can recreate its functionality with Shortcuts. It takes some effort, but it may be worth the time investment if you often relied on your Favorites. Creating a Favorites Shortcut Making a shortcut that replicates the behavior of the Favorites widget isn't too tough, but if you want multiple favorite options, you'll need to create a separate shortcut for each one in the Shortcuts

The hidden cost of food delivery

Noah Lichtenstein Contributor Share on Twitter Noah Lichtenstein is the founder and managing partner of Crossover , a diversified private technology fund backed by institutional investors, technology execs and professional athletes and entertainers. More posts by this contributor What Studying Students Teaches Us About Great Apps I’ll admit it: When it comes to food, I’m lazy. There are dozens of great dining options within a few blocks of my home, yet I still end up ordering food through delivery apps four or five times per week. With the growing coronavirus pandemic closing restaurants and consumers self-isolating, it is likely we will see a spike in food delivery much like the 20% jump China reported during the peak of its crisis. With the food delivery sector rocketing toward a projected $365 billion by the end of the decade, I’m clearly not the only one turning to delivery apps even before the pandemic hit. Thanks to technology (and VC funding) we can get a ri

Apple Adds Support for Live Activities to Shazam

Apple today added support for Live Activities in Shazam, its free music discovery and identification app. Shazam's Live Activities keep the user updated when searching for music in the background, which is particularly useful when multitasking or identifying songs in other apps . The last significant update to Shazam arrived in January, allowing users to identify songs from other apps while listening with headphones. Apple acquired Shazam in 2018, and has been gradually bringing the app into closer alignment with ‌ Apple Music ‌ ever since, offering trials to the streaming service through the app and the ability to sync Shazams directly to ‌‌Apple Music‌‌. Shazam can be downloaded from the App Store for free . It can be accessed through the Control Center on ‌‌ iPhone ‌‌ and ‌‌ iPad ‌‌, through ‌ Siri ‌ commands, or on the Mac, as well as via widgets. Version 17.11 of Shazam is now available. Apple opened up its Live Activities API to third-party ‌iPhone‌ apps with the r

Review: Anker's Latest 3-in-1 Power Bank is a Versatile On-the-Go Powerhouse

Popular accessory brand Anker has just launched a new 10K version of its 3-in-1 power bank that offers up to 30 watts of charging power, a convenient display to quickly view exact charge status, an integrated USB-C cable for both input and output, and built-in folding prongs to recharge directly from a power outlet. I've recently been testing one of these Anker power banks out, and it has become a must-have accessory for my gear bag. Competitively priced at $44.99, the 10,000 mAh capacity means I can charge up my iPhone 15 Pro Max more than one and a half times while on the go, which is plenty for a long day out or even a weekend trip where easy access to power might be iffy. And the 30-watt charging speed means it'll charge my devices up quickly, meaning spending less time with my phone awkwardly tethered to a power bank while I'm out and about. A quick charge during a lunch or dinner is more than enough to keep my iPhone topped off for the remainder of the day. Th