START FREE NOW CONTACT SALES

Five eye-opening text scams (aka smishing) that could fool anyone. These scams are sneaky, the criminals have done their homework before spear phishing their victims.

 

How They Bypassed Mike’s Multi-Factor Authentication in Seconds

Mike, a senior executive had 2-factor authentication enabled on his office365 account, so the attacker needed the verification code to take over Mike’s account. So he texted Mike a fake enrollment notification. In this example, the attacker used an Employee Emergency Notification Service, however, it could have been to any other service that the company uses (That’s why we should share less about what apps we are using).

To make it look legit, the attacker gave Mike the option to click YES or NO. It made Mike feel like he was in control and significantly increased the chances that he would continue. For more details about this attack see a step-by-step explanation of how this spear-phishing scam unfolded.

 

 

How They Hacked an Entire 9th Grade With This Nasty Text Scam.

An entire 9th grade was hacked in a direct message chain attack. Basically, what happened was once the attackers hacked one account they used that account to attack the victim's contact list. Here is how it happened. Emma and Mia are friends, so when Emma texted Mia that she is on the 2021 Top Ugly List... you can imagine how Mia felt. Mia didn't know that Emma's account was hacked and it wasn't Emma who was texting her, it was the attacker. For more details about this attack see a step-by-step explanation of how this spear-phishing scam unfolded.

 

How Deep Fake Was Used in This Dating Scam

Dating scams are VERY common! After all, you are ready to meet a new stranger. This is like a haven for scammers. You and the scammer are both emotionally ready... In this case, the Fake Kristi is randomly texting with the hope someone will respond. Many people are on tinder, so Kristi knows someone will eventually take the bait. Unfortunately for Scott, he took the bait. Kristi isn't waiting, she immediately starts flirting with Scott. For more details about this attack see a step-by-step explanation of how this spear-phishing scam unfolded.

 

How Donna's Office365 Account Was Hacked

They targeted Donna from Marketing. Donna doesn't report to Nick the CFO, so the scammers assumed she doesn't have Nick's phone number in her contact list. Also, they sent the text message over the weekend to make it feel more urgent and probably Donna wouldn't want to talk over the phone on a weekend. For more details about this attack see a step-by-step explanation of how this spear-phishing scam unfolded.

 

How Dave's Instagram account was hacked

This one scam could have been out of a movie. Poor Dave, he doesn't know what's coming. It's not uncommon for a friend to send you a message that they changed their phone number. Amy is using this and a bit of flirting to get Dave to click on a link. What's even scarier about this scam is the URL. Can you spot what's wrong with it? At first sight, it looks legit, however, if you take a close look at the second "a" in Instagram, you will find that it's not an "a", it's a Greek Alpha "α"... That is sneaky! Most people would not have spotted this at first sight.

 

 

So What's Next?

Awareness is key! Anyone can fall for this type of scam, even the most tech savvy. That is why training is so important. So share this page with your team or signup free to Wizer Security Awareness Training and continually educate your team about current threats and how to avoid them.



Gabriel Friedlander
Written by Gabriel Friedlander

I founded get-wizer.com in early 2019 with a mission to make basic security awareness training free for everyone. Since then Wizer has been rapidly growing with over 3000 organization who signed up for our free training. And in 2020 we partnered with several local counties to offer free Citizen Training. We believe that in this day an age, security awareness should be a basic human skill.