Never open a text message sent from your own number. Never seen before scam

Hundreds of Verizon customers report receiving text messages that appear to have been sent from their own phone numbers regarding a payment from their line. Apparently, the messages notified the user that their invoice had been paid and they could receive a gift by clicking on the attached link.

From the beginning this seems only a new attempt at electronic fraud, although it is a curious fact that the messages seem to have been sent from the user’s own phone. By selecting the number to view the details, the user is redirected to their own contact card.

These spam texts also contained phrases such as “free message”, “paid invoice” and “gift”, all very common in fraudulent SMS-based campaigns. However, cybersecurity specialists point out that Verizon has not been able to block spam messages that contain phrases like these.

For Verizon users with iOS devices, for example, while iMessage offers a “Filter Unknown Messages” feature, the messages in this campaign successfully bypassed this filter and appeared on iPhone devices.

If potential victims select the link attached to the message, they will be redirected to the website of Channel One Russia, a Russian state television platform. However, other affected users reported that they were redirected to similar Russian websites.

At first glance, the links in this scam would seem to be harmless; nonetheless, messages like these are often part of SMS phishing scams, also known as smishing. As you may recall, the term phishing refers to the tactic employed by threat actors posing as legitimate entities to trick users into handing over sensitive information, including access credentials to online platforms or personal data.

Scammers usually try to recreate the look of a legitimate email or SMS message, which makes the victim pull down their gloves and be more likely to fall into the trap. At the moment it is unknown what objectives the operators of this spam campaign on Verizon pursue, although it is best for affected users to simply ignore these messages and any other similar attempt.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.