Users on Verizon's network have reported receiving text messages that appear to be sent from their own phone numbers. Here's why you shouldn't click those links.
The messages notified the user that their bill had been paid and that they would receive a free gift if they clicked the included link.
The messages appeared as though they had come from the user's phone. Tapping the phone number in the sender's details would redirect to the user's own contact card.
These spam texts also contained phrases like "free msg," "bill is paid," and "gift" -- all of which are common phrases used by malicious actors. However, Alex Lanstein noted on Twitter that Verizon's spam protection systems have failed to block messages containing multiple of these phrases.
Cc @VerizonSupport you folks should be able to detect sms spam, spoofing my own vzw number, that spoofs your own bill pay messages. Doesn't take advanced #ai #ml pic.twitter.com/wjXXS8mYKR
-- alex lanstein (@alex_lanstein) March 28, 2022
while iMessage on iOS offers a "Filter Unknown Messages" feature, these texts still managed to successfully breach the filter and appear on his iPhone.
Welch also noted that when he clicked the link in the message, it would take him to the website for Channel One Russia, a Russian state television site. Other affected users have reported being routed to similar Russian websites.
While the links in this most recent scam appear to be harmless, messages such as these often are part of "smishing" -- or SMS phishing -- scams.
Phishing scams are when malicious actors impersonate official communications and websites from otherwise reputable companies to trick users into entering their account credentials under the guise of official business.
These scams typically attempt to recreate the look of an official email or text communication coupled with a link to an external website. On the website, the victim would be prompted to enter their personal information, often their account name and password.
Any time you receive unsolicited texts, it is advised that you do not click the links within them. This includes texts from people you know, as many phishing scams will use compromised accounts to trick potential victims into clicking links.