2021 is being (like others) the year of SMS phishing scams. Flubot has been the best and most documented example of this first five months of the year, and has had a lot to do with posing as transport companies, such as Correos, FedEx, MRW, DHL, etc.
After that, for a few weeks different campaigns have arrived in the names of banks that try the same thing, that is, to get user data to be able to get their money later. We discussed it a few days ago with a Caixabank and Santander phishing, and now we see it again with the seconds in SMS messages that also relate to Amazon.
Santander: Dear customer, a charge will be made from Amazon ...
Santander is being the hook that we see the most being used by malicious actors. According to the complaints we have seen in recent days, one of the schemes is this:
SANTANDER Dear customer, a charge of 207.07e will be made from AMAZON to divide or cancel receipts [URL]
As you can see, no commas where they touch, colon or symbols like the euro. Faults that are repeated a lot in these phishing messages and that should help us avoid clicking on their links and, above all, comply with the requirements of the destination websites, whether installing an application or filling in the data of a website with a similar aspect to Santander's. In the case of the capture link, we cannot know what it leads to, because right now the domain no longer exists, probably due to complaints.
Children, watch out for SMS related to alleged charges on Amazon. The URL obviously attracts attention, but someone who does not know much of the same falls into the trap. pic.twitter.com/Z2qxHVHicA- bydiox (@bydiox) May 28, 2021
The National Police has also reported another scheme, one in which the victim receives a report on receiving a refund, and you are urged to check it out on their website. The logical thing is to check with the legitimate Santander application that its users have already installed, but we already know that 'phishing' works a lot by rushing the user, who out of fear or joy runs to see how much that charge is about or refund.
You get a #sms ✉ supposedly from your bank saying that they have made you a refund and that by clicking on a link you will see it
You get carried away by emotion ... et voilà! you have chopped 🙄May 26, 2021
How to do with our phone numbers
It is the question that everyone asks when a fraudulent SMS is received. A clear answer cannot be given for all cases, but in 2021 things have happened that can explain it.
First of all, it's time to talk about Flubot again. In March it was estimated that with this SMS from Fedex, DHL and other messengers, those responsible managed to get 11 million Spanish numbers, and there will probably be many more today. It is a very large database of phones (and with names in many cases) to which you can start attacking.
Other possibilities to get hold of many phone numbers are the Facebook breach, which also left 11 million Spanish numbers uncovered, and The Phone House breach, which allowed ransomware attackers to gain more than 5.2 million numbers. records and emails, many of them associated with Spanish phone numbers. These two databases are easily obtained from the Deep Web.