I am always interested in new phishing tricks, and watching them spread across the ecosystem.
A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some personal information into a website. But because they came from unknown phone numbers, the links did not work. So—this is the new bit—the messages said something like: “Please reply Y, then exit the text message, reopen the text message activation link, or copy the link to Safari browser to open it.”
I saw it once, and now I am seeing it again and again. Everyone has now adopted this new trick.
One article claims that this trick has been popular since last summer. I don’t know; I would have expected to have seen it before last weekend.
Tags: phishing, SMS, social engineering