Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor.

To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification.

If investing please consider our affiliate link for new accounts: Sharesies.



ForumsFinance and wealth managementIRD SMS/Text Alerts
dimsim

867 posts

Ultimate Geek
+1 received by user: 151

Trusted
Lifetime subscriber

#272767 14-Jul-2020 21:39
Send private message

My 15yo Son received the message below from 5678 this morning

 

Click to see full size

 

Given the language (IRD here..) and the fact that he 15's and at school with no need to complete a tax return - nor do the IRD have his mobile number AFAIK. I assumed that this was simply a phishing or scam like text and told him to delete it but send a screenshot to phishing@ird.govt.nz

 

He's just received an email back From: phishing <phishing@ird.govt.nz> and according to Gurpreet, the Cyber Security Analyst it was "This is a genuine communication from Inland Revenue"

 

What are these people on? I communicate all the time with IRD and have never once received a helpful text warning me to file a return, why on earth would they send one to a 15yo school kid?

 

 

Create new topic
Oblivian
7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

  #2523133 14-Jul-2020 22:01
Send private message

Got their own bank accounts?

 

Think you still need a tax # and RWT for that



djtOtago
1181 posts

Uber Geek
+1 received by user: 605


  #2523138 14-Jul-2020 22:09
Send private message

Could be a genuine text, just sent to the wrong number. 
How long has you son had his current number?

Oblivian
7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

  #2523139 14-Jul-2020 22:10
Send private message

The other gotcha may be if it's a recycled prepay number someone never updated their record of. I use to get reminders my son medical checkup was due in Akl.

 

I don't have one. Nor live there. Someone who use to have my work number before I started signed up for errrything. Including Entering those timeshare holiday crap

 

 

 

/snap



Oblivian
7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

  #2556729 4-Sep-2020 09:12
Send private message

Funny how we started this..

I just got one. Despite my ird acct having email as preferred contact. No mobile number listed. And physical address there (postal blank, but its the same so who cares right..)

Yet my mobile gets a txt.

Click to see full size

freitasm
BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41029

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2556734 4-Sep-2020 09:21
Send private message

Since that SMS has a link I would be suspicious of a phishing attack - even though the message looks like a legitimate one, confirmed by IRD, who knows who sent that. In any case go to the IRD website and update whatever is needed but don't click the link.




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

Oblivian
7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

  #2556737 4-Sep-2020 09:28
Send private message

I went to it externally to confirm, since there appears to be no way of viewing the url encoded. Hence the findings.

But same premium num, same formatting as a above (which was verified). Probably the person from 20yrs ago who had this number moved again (same one I got hospital check-up notices for their kid)

Goes to show how dodgy it can be giving mobile out

 
 
 
 

Shop now on Samsung phones, tablets, TVs and more (affiliate link).
floydbloke
3646 posts

Uber Geek
+1 received by user: 4554

ID Verified

  #2557010 4-Sep-2020 14:23
Send private message

Sorry, drifting off-topic here but the whole URLs within SMS message has piqued my curiosity.

 

Are links actually encoded within SMS messages, or is it the app parsing the content, recognising URL syntax and offering it up to the user as a clickable link?  And in the case above, showing a 'preview' a la Facebook posts and messenger?

 

 




Sometimes I use big words I don't always fully understand in an effort to make myself sound more photosynthesis.

Oblivian
7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

  #2557062 4-Sep-2020 14:57
Send private message

It's right it's at app level. Android Alla Google hooking the http link, giving an optional preview button which my fat finger has hit at some point.

but you can't long pause and get a preview URL or anything like that in case it's hidden behind href link mask like an email.

presumably that adds to it's legitimacy but it's out of the blue given my online ird account has no mobile number listed

halper86
555 posts

Ultimate Geek
+1 received by user: 156

ID Verified

  #2557143 4-Sep-2020 15:58
Send private message

Click to see full size Click to see full size Click to see full size
Just a few examples of texts that I have received since I got an new, recycled number

dimsim

867 posts

Ultimate Geek
+1 received by user: 151

Trusted
Lifetime subscriber

  #2557220 4-Sep-2020 19:11
Send private message

seems to me that quite a few of these so-called convenience messages are pretty poorly conceived in a security context.

 

i guess most of this is due to the fact that I don't know enough about how these texts are generated and the process involved.

 

at least with spf/dkim/dmark organisations can specify authorised hosts to send legitimate correspondence from and receivers can choose to receive of reject based on this. my mail servers reject and messages that fail spf as a minimum but im still surprised by how many organisations have no clue about how this works.

floydbloke
3646 posts

Uber Geek
+1 received by user: 4554

ID Verified

  #2557235 4-Sep-2020 19:44
Send private message

Thank you all.  If nothing else you've at least helped me to take a second look at txt messages and think before I click.




Sometimes I use big words I don't always fully understand in an effort to make myself sound more photosynthesis.

 
 
 
 

Stream your favourite shows now on Apple TV (affiliate link).
dimsim

867 posts

Ultimate Geek
+1 received by user: 151

Trusted
Lifetime subscriber

  #2557306 4-Sep-2020 21:58
Send private message

djtOtago:

 

Could be a genuine text, just sent to the wrong number. 
How long has you son had his current number?

 

 

 

 

This was some time ago now I know - but he's had that number for a few years and it is an on account number as part of my vodafone account not a prepay number so I don't think this was the issue.

 

Also as per my op, IRD have had all of my contact details for decades (and specifically my mobile number for the last two decades) and I've never once received a message like he received.

 

This is simply just odd, but apparently legitimate communication via a medium (sms) that most people (for the meantime anyway) still take notice of, unlike junk email.

Oblivian
7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

  #2557316 4-Sep-2020 23:31
Send private message

I'm tempted to call and ask if mine was intended for me, and if so what other govt dept donated my details sure my profile doesn't have it.

Mines a 17yr old 6 digit work number that i tend to sign up for stuff with. Cause, you never know if they'll take it off you

freitasm
BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41029

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2557343 5-Sep-2020 09:44
Send private message

dimsim:

 

djtOtago:

 

Could be a genuine text, just sent to the wrong number. 
How long has you son had his current number?

 

 

This was some time ago now I know - but he's had that number for a few years and it is an on account number as part of my vodafone account not a prepay number so I don't think this was the issue.

 

Also as per my op, IRD have had all of my contact details for decades (and specifically my mobile number for the last two decades) and I've never once received a message like he received.

 

This is simply just odd, but apparently legitimate communication via a medium (sms) that most people (for the meantime anyway) still take notice of, unlike junk email.

 

 

There's always the possibility someone transposed a number when entering it in the form - those are not checked via a SMS confirmation (like some websites don't confirm email addresses and that's why every few days/weeks some get emails supposed to be for other people).




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright