Yesterday, my gfnd got a SMiShing text to her phone against Key Point Credit Union. The obvious tip off that this was an attack was that she doesn’t have an account with Key Point, not to mention the other clues. This is the first instance of it in the US I’ve heard of, although I’d be surprised if this was the first example of it. The number it was from was 905-392-8040. Unlike normal phishing though, it’s much harder to report the issue. Most people wouldn’t have the first clue how to log, forward or respond to the SMiShing attack.
Dear Key Point Credit Union Customer, we regret to inform you that we had to lock your bank account access. Call 800-482-0452 to restore your bank account.
Just another thing to be worried about. I have no idea what the lift on SMiShing attacks are compared to their online variants, but it’s an interesting phenomena. Since email addresses of SMSs are fairly easy to predict, it’s fairly simple to re-purpose spam gateways that are designed exactly for this purpose. The only trick is gathering enough mobile phone numbers.