T-Mobile subscribers are being targeted by a phishing attempt that uses unblockable texts sent through SMS (Short Message Service) group messages to deliver malicious links.
After many consumers reported being targeted by this new SMS phishing (smishing) campaign, the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) issued a warning. The phishing SMS greet recipients for paying their T-Mobile bills and instruct them to click on a malicious link to receive a gift.
“The messages vary but typically thank the recipient for paying their bill and offer a gift. The messages include a link to accept the gift,” the NJCCIC clarified on Friday. “These links may lead to malicious websites intending to steal account credentials or personal information, or install malware.”
In March, a similar smishing campaign aimed at Verizon Wireless and Spectrum users, impersonating the providers in text messages that seemed to be received from the target’s phone number. The Federal Trade Commission alerted consumers to be cautious of fraudsters sending messages from their phone numbers. The FTC said that they’ve tampered with your caller ID to make it appear as though they’re texting you from your phone number, but the shock of receiving a text from yourself is guaranteed to capture your attention — which is just what they want.
According to the NJCCIC, this latest smishing effort is most likely aimed at T-Mobile consumers due to previous data breaches affecting the mobile provider and millions of current, former, or potential customers.
Last month, the New York State Office of the Attorney General (NY OAG) also notified victims of T-data Mobile’s breach in August 2021 that their identity theft risks had grown after some of their stolen information was sold in the dark web. According to the Federal Trade Commission, Americans lost more than $5.8 billion to fraud in 2021, a staggering rise of more than 70% over the previous year’s losses.