Getting Spam Messages From Your Own Verizon Number? Don't Click The Link

spam messages own verizon numbers hacker news
Phishing attacks are currently the number one cause of data compromises, and they are becoming more sophisticated as additional countermeasures are developed and deployed and users become more wary of suspicious or unexpected messages. Just last week, we covered a new phishing technique that creates an animated login window to better fool users into giving away their passwords. Phishing is a form of social engineering, where victims are tricked into revealing sensitive information or installing malware by way of fraudulent messages or web portals.

SMS phishing or “smishing” is a form of phishing that reaches victims by way of phone text messages. Verizon customers have lately been reporting a new twist on smishing where attackers spoof users’ own phone numbers. Users have been receiving text messages from their own phone numbers that read, “Free Msg: Your bill is paid for March. Thanks, here’s a little gift for you: [shady link].”

Users have reported these links as sending them to different places. The links have directed some users to a Russian media website and others to a fraudulent Verizon customer survey prompt. The survey prompt reads, “Dear Verizon customer, we would like to personally thank you for always paying your Verizon bills on time by giving you a Free Apple Watch Series7! All we ask from you is to answer a few quick questions about your recent experiences with Verizon's services.” The prompt ends with a link to take the survey. The survey likely collects valuable information about victims, gives the attackers a monetary kickback for every user who completes the survey, distracts users while some malicious activity is carried out in the background, or all three.

spam messages own verizon numbers news

A Verizon customer support member replied to a forum thread about these recent smishing attacks, identifying them as cases of Caller ID Spoofing. “This is a technique that allows a caller or sender to change the information associated with a number. Spoofing is not caused by an error in the network or your phone.” The customer support member also stated that the Federal Communications Commission (FCC) is involved in the effort to address these smishing attacks, recommending that users who receive smishing messages to file a complaint with the FCC.

A Verizon spokesperson also spoke to The Verge about these smishing attacks, saying, “Verizon is aware that bad actors are sending spam text messages to some customers which appear to come from the customers’ own number. Our team is actively working to block these messages, and we have engaged with US law enforcement to identify and stop the source of this fraudulent activity.”

The fact that the links included in the smishing messages have directed some users to a Russian media network has raised concerns that the smishing attacks are connected to Russian state actors, but, according to the Verizon spokesperson, the company currently has “no indication that this fraudulent activity is originating from Russia.” The Verizon spokesperson also addressed fears that the widespread spoofing of users’ own phone numbers is an indicator that Verizon has had an internal breach: “We believe this activity is being generated from external bad actors with no direct tie to our company.”