Keep your eyes open for a current phishing campaign that's targeting T-Mobile customers with malicious links using texts sent via SMS (Short Message Service) group messages.
The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) issued a warning after multiple customers have filed reports of being targeted by this new SMS phishing (smishing) campaign.
In this campaign, cybercriminals are sending T-Mobile customers messages that thank the customers for paying their T-Mobile bill. As a reward, the recipients are offered a gift and are asked to redeem it by clicking on a malicious link. However, upon clicking on the link, customers are redirected to a malicious website intended to steal account credentials or personal information or install malware.
According to the NJCCIC, this new smishing campaign is probably targeting T-Mobile customers because of past data breaches that affected the mobile carrier as well as affected millions of current, former, or prospective clients.
Since 2018, T-Mobile has suffered from 6 data breaches, leading to the disclosure of personal information for millions of T-Mobile customers. With the growing number of data breaches in the United States, there has been an increase in the number of phishing attacks targeting victims who have had their data disclosed to the public.
In March, Verizon Wireless and Spectrum customers were also targeted in smishing attacks, impersonating the carriers in text messages spoofed to look like they were sent from the target’s phone number.
Because the number of smishing attacks is increasing, it’s important that consumers avoid clicking on any links received from unknown contacts. Watch out: in many cases, threat actors will spoof their number to make it seem like the message is coming from a legitimate source. As a result, rather than clicking on the links in SMS messages claiming to be from carriers like T-Mobile, it’s always best to directly log in to T-Mobile’s website to understand what the notification is about.
For assistance with cyber threats, or to evaluate your technical requirements & strategy, contact a ThreatAdvice professional today.