Smishing! (real world example)

We're all a bit giddy, as we don't get one of these very often 🤦‍♂️, and we like to post real-world examples where possible rather than theory.

Chicken and egg - we don’t know if we're in Cyber Security because we're cynical and skeptical, or if being in Cyber Security has made us cynical and skeptical (we think it’s the former 🤣).

Red Flags

🚩 So, an SMS “from” TeamRevolut. No, it isn’t, and the “from” is easy to spoof.

🚩 Woah, that’s naughty. Apart from what we assume is an attempt to get PII, credit card info etc., it’s also attempting to get an image or video clip. Very handy for impersonation as the start of identity theft.

🚩 The domain bears no relationship to the supposed “from”.

🚩 The whole thing is built on the classic social engineering trick of fear 🚩, reinforced by authority 🚩, trust 🚩 and urgency 🚩.

The first thing with SMS Phishing (Smishing), or indeed any type of phishing, is to slow down.

Back to the chicken and the egg and our cynicism and skepticism. Our initial thought was: well, if this is really from Revolut, why are they sending an SMS? We have the app, where they can send us notifications, and they have an email address for us, so why not use one of those channels? 🚩

That should be enough for you to just delete anything of this type, but we did go down a small rabbit hole to dig a little deeper:

  1. The fancy domain was registered on the 5th of the month and we received the SMS on the 10th 🚩

  2. The domain registrar was one we’d not seen before but advertises cheap domains and is located in Hong Kong 🚩.

  3. The main IP address for the domain is in the Russian Federation 🚩 🚩.

  4. The website has an SSL certificate (the padlock in the URL), but it’s issued by R3, which we're fairly sure is Let’s Encrypt, so it didn’t cost the spammers anything as Let’s Encrypt certs are free 🚩. SSL certificates prove nothing about the security and safety of the site, just that communication between your device and the site is encrypted.
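The red flags above and the rabbit-hole checks boil down to a handful of questions you can ask of any link in an unexpected SMS: does the domain match the claimed sender, how old is it, who registered it and where is it hosted, and who issued the certificate. The script below is an added example (not code from the original post) that turns those questions into a small triage scorer. The lookup results (registration date, registrar, hosting country, certificate issuer) are a constructed record passed in by the caller, standing in for WHOIS, GeoIP and TLS lookups; the thresholds, the expected-country set, the issuer list and the `account-verify.example` domain are all assumptions made for illustration, and nothing here touches the network.

```python
"""Added example: apply smishing red-flag heuristics to a suspicious SMS.

All lookup data is constructed and passed in; no WHOIS, GeoIP or TLS
queries are made. Thresholds and sets below are illustrative assumptions.
"""
from dataclasses import dataclass
from datetime import date
from urllib.parse import urlsplit
import re

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Assumed values for illustration, not figures taken from the post.
NEW_DOMAIN_DAYS = 30                              # "registered days before the SMS"
EXPECTED_COUNTRIES = {"GB"}                       # where a UK bank's infra would normally sit
FREE_DV_ISSUERS = {"r3", "e1", "let's encrypt"}   # free, automated DV issuers


@dataclass
class LinkIntel:
    """Constructed lookup results for the linked domain."""
    registered: date          # WHOIS creation date
    registrar_known: bool     # have we seen this registrar before?
    registrar_country: str    # ISO country code of the registrar
    hosting_country: str      # ISO country code of the main A record
    cert_issuer: str          # issuer CN of the site's certificate, e.g. "R3"


def extract_urls(sms_text: str) -> list[str]:
    """Pull http(s) URLs out of message text, dropping trailing punctuation."""
    return [u.rstrip(".,;:)") for u in URL_RE.findall(sms_text)]


def registrable_domain(url: str) -> str:
    """Crude registrable domain: the last two hostname labels.

    Good enough for a triage heuristic; not a public-suffix-aware parser.
    """
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def triage(sms_text: str, brand: str, received: date, intel: LinkIntel) -> list[str]:
    """Return the red flags raised by the first link in the message."""
    flags: list[str] = []
    urls = extract_urls(sms_text)
    if not urls:
        return flags
    domain = registrable_domain(urls[0])

    # Red flag: the link domain bears no relationship to the claimed sender.
    if brand.lower() not in domain:
        flags.append("link domain unrelated to claimed sender")
    # Red flag: domain registered only days before the message arrived.
    if (received - intel.registered).days <= NEW_DOMAIN_DAYS:
        flags.append("domain registered days before the message")
    # Red flag: a registrar we have never dealt with.
    if not intel.registrar_known:
        flags.append("unfamiliar registrar")
    # Red flag: hosted somewhere the real brand would not host.
    if intel.hosting_country not in EXPECTED_COUNTRIES:
        flags.append("hosted outside expected country")
    # Informational: a free DV cert gives a padlock but says nothing about legitimacy.
    if intel.cert_issuer.lower() in FREE_DV_ISSUERS:
        flags.append("free DV certificate: padlock proves encryption, not legitimacy")
    return flags


# Constructed sample message and lookup record (dates are made up).
SAMPLE_SMS = ("Revolut: unusual activity detected. Verify your identity within 24h "
              "to avoid suspension: http://account-verify.example/upload")
SAMPLE_INTEL = LinkIntel(registered=date(2023, 3, 5), registrar_known=False,
                         registrar_country="HK", hosting_country="RU", cert_issuer="R3")


def demo() -> list[str]:
    """Run the scorer over the constructed sample, received five days after registration."""
    return triage(SAMPLE_SMS, "revolut", date(2023, 3, 10), SAMPLE_INTEL)


if __name__ == "__main__":
    for flag in demo():
        print("🚩", flag)
```

The point of the scorer is the order of the checks, not the code: the domain-versus-brand mismatch and the registration date need no special tooling and catch most of what the post found, so they run first; the certificate check is last and is only informational, because a padlock on its own should never move a link from "suspicious" to "fine".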


