Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersOdd SMS phishing attempt, for NZTA
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6
freitasm
BDFL - Memuneh
80654 posts

Uber Geek
+1 received by user: 41047

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3067486 24-Apr-2023 09:07
Send private message

Oblivian: I wonder if the reply 1 to activate is utilising the Samsung hack

Have number, can do naughty

https://mashable.com/article/android-phones-exynos-modem-bug

 

 

The "Samsung hack" does not need user interaction. They could have pwned the phone on the first message, no need to ask to "press 1".




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 



evnafets
567 posts

Ultimate Geek
+1 received by user: 269

Trusted
Lifetime subscriber

  #3067505 24-Apr-2023 10:31
Send private message

I don't know about SMS, but I did get a bunch of email spam about car registration expiring. 

 

initially fell for it too, as my registration was due to expire. But because I prefer doing these things on desktop/tablet I switched to one of those to actually do the transaction. 
And went to the NZTA site directly rather than clicking any links. 

 

It was only when I received another 'reminder' a week later after having paid it that I started suspecting something was up, and checked the sender details. 

 

 

kingdragonfly

11989 posts

Uber Geek
+1 received by user: 12875

Subscriber

  #3069281 29-Apr-2023 18:08
Send private message

More phishing attempts to NZTA


from +61 466 129 668

Notice: You have a bill that will be overdue and incur a penalty. Please check and complete the payment: https://is.gd/DGCEN9
Forwards to
https://nzta.nz.gavlts.com/

I've informed the URL shortener
https://is.gd

I've informed the domain provider
https://gavlts.com/

Also sent to DIA text phone number (this works for many countries)
"SPAM" = 7726

And lastly reported to NZTA



freitasm
BDFL - Memuneh
80654 posts

Uber Geek
+1 received by user: 41047

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3069282 29-Apr-2023 18:11
Send private message

Search on how to report to Google and Microsoft smartscreen filters so their browsers block the final domain.




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

Oblivian
7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

  #3070136 1-May-2023 19:23
Send private message

CERT have issued an official advisory

https://www.cert.govt.nz/individuals/alerts/phishing-scams-targeting-new-zealanders-to-install-remote-access-software/

Linux
12182 posts

Uber Geek
+1 received by user: 8476

Trusted
Lifetime subscriber

  #3070138 1-May-2023 19:26
Send private message

Had this SMS like 4 times in the last week

 
 
 
 

Shop now for Dyson appliances (affiliate link).
boosacnoodle
1274 posts

Uber Geek
+1 received by user: 858


  #3070201 1-May-2023 23:15
Send private message

This is getting beyond a joke. How hard is it to just block all text messages with an .xyz domain? When did another ever see any legitimate use case for an .xyz domain?

K8Toledo
1018 posts

Uber Geek
+1 received by user: 311


  #3070206 1-May-2023 23:57
Send private message

kingdragonfly: More phishing attempts to NZTA


from +61 466 129 668

Notice: You have a bill that will be overdue and incur a penalty. Please check and complete the payment: https://is.gd/DGCEN9
Forwards to
https://nzta.nz.gavlts.com/

I've informed the URL shortener
https://is.gd

I've informed the domain provider
https://gavlts.com/

Also sent to DIA text phone number (this works for many countries)
"SPAM" = 7726

And lastly reported to NZTA

 

Aussie Country Code is a big red flag.

K8Toledo
1018 posts

Uber Geek
+1 received by user: 311


  #3070209 2-May-2023 00:01
Send private message

boosacnoodle:

 

This is getting beyond a joke. How hard is it to just block all text messages with an .xyz domain? When did another ever see any legitimate use case for an .xyz domain?

 

 

On Android go to Messages --> Block Messages --> Block Phrases.

 

Add .xyz

ezbee
2651 posts

Uber Geek
+1 received by user: 3089


  #3072103 4-May-2023 09:33
Send private message

I just got one of these fake NZTA as well , different number +61413866258

 

The t.ly etc url as per Kingdragonfly original post today

BlakJak
1330 posts

Uber Geek
+1 received by user: 735

Trusted

  #3085250 5-Jun-2023 22:53
Send private message

boosacnoodle:

This is getting beyond a joke. How hard is it to just block all text messages with an .xyz domain? When did another ever see any legitimate use case for an .xyz domain?

 

 

Have fun with the whack-a-mole. The scam domains are under just about every TLD.




No signature to see here, move along...

 
 
 
 

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.
Linux
12182 posts

Uber Geek
+1 received by user: 8476

Trusted
Lifetime subscriber

  #3085310 6-Jun-2023 08:04
Send private message

I was getting 2 to 3 of these a day over the last 2 weeks. The SMS just look so pathetic I have zero idea how people fall for this scam

kingdragonfly

11989 posts

Uber Geek
+1 received by user: 12875

Subscriber

  #3085393 6-Jun-2023 11:56
Send private message

I raised one to NZTA, Google, Microsoft and the domain provider yesterday.

TinyURL blocked it, so kudos to them.

It's targeting mobile phone users.
  1. a TinyURL hides the actual address
  2. redirects to tollingonlinenzta.icu
  3. which runs Javascript
  4. if Internet browser is a PC, redirect to legimate NZTA site
+61 468 410 012

"NZ Transport Agency Toll Roads You have an outstanding fee to be processed as soon as possible within 24 hours. So as not to fine https://tinyurl.com/mrxnpbdn"

WyleECoyoteNZ
1055 posts

Uber Geek
+1 received by user: 372


  #3085399 6-Jun-2023 12:16
Send private message

Firstly, not NZTA, but phishing.

The one that nearly sucked me in was supposedly from NZ Post. What through me, was that it came in from what looked to be a NZ number. Was a +64 number

BlakJak
1330 posts

Uber Geek
+1 received by user: 735

Trusted

  #3085525 6-Jun-2023 14:33
Send private message

kingdragonfly:

 

 

"NZ Transport Agency Toll Roads You have an outstanding fee to be processed as soon as possible within 24 hours. So as not to fine https[:]//tinyurl[.]com/mrxnpbdn"

 

 

Please defang malicious URLs if you must share them. As i've done so in the quote. (Though this one has now been killed, it's a good habit to maintain)

 

 

I also highly encourage the use of the TinyURL preview feature (Google it)




No signature to see here, move along...

1 | 2 | 3 | 4 | 5 | 6
View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright