Odd SMS phishing attempt, for NZTA

Forums › IT Pro and developers › Odd SMS phishing attempt, for NZTA

kingdragonfly

11096 posts

Uber Geek

Subscriber

#304301 22-Apr-2023 10:36

Question: how is this obvious scam text supposed to work, in other words redirected to a phishing website?

I got this SMS message from an Australian mobile number, +61 413 520 252

NZ Transport Agency Toll Roads NZTA-You have an outstanding fee to be processed as soon as possible within 24 hours. So as not to fine. https://t.ly/NZ.TOLLpay

I went onto "t.ly" website to see if they were like bitly, where you could expand the URL. Of course they didn't, and they only have an email address to report a link, both very suspicious.

The URL was redirected to "https://xinsmturl.top/"

I did a WhoIs on that domain, and it lists the owner as

"Nathan Collier" in Victoria Australia.
* 新加坡商阿里巴巴电子商务股份有限公司
"Singaporean Alibaba E-Commerce Co., Ltd."

Which then redirected to the official NZTA website.

Did the scammer simply screw up the redirections? Was he trying to bounce from "t.ly" to "Alibaba" to a cloned web site?

(sidenote: I reported it to both the NZTA phishing report website and the DIA)

1 | 2 | 3 | 4 | 5 | 6

357 posts

Ultimate Geek

#3066851 22-Apr-2023 10:49

My Dad got two of these in two days, also a similar link. I just reported them to 7726 :)

freitasm

BDFL - Memuneh
79147 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#3066852 22-Apr-2023 10:51

It is obvious to you and me but to a few others it may not be. And any credit card number collected is a proft.

amanzi

Amanzi
1288 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#3066855 22-Apr-2023 10:55

I just tried it and the phishing site worked as expected and i was not redirected to the NZTA website. It asked me for a registration plate and wanted to charge $2.40 for a rego renewal.

kingdragonfly

11096 posts

Uber Geek

Subscriber

#3066868 22-Apr-2023 11:02

Yeah, I got two SMS messages in two days, from two different Australian mobile numbers.

I hadn't heard of scammers using Alibaba to redirect / hide / obfuscate a website.

Certainly doesn't make Chinese e-commerce Alibaba's reputation better.

kingdragonfly

11096 posts

Uber Geek

Subscriber

#3066869 22-Apr-2023 11:04

amanzi:
I just tried it and the phishing site worked as expected and i was not redirected to the NZTA website. It asked me for a registration plate and wanted to charge $2.40 for a rego renewal.

I got Adguard running. Maybe that protected me?

amanzi

Amanzi
1288 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#3066878 22-Apr-2023 11:15

kingdragonfly:
amanzi:

I just tried it and the phishing site worked as expected and i was not redirected to the NZTA website. It asked me for a registration plate and wanted to charge $2.40 for a rego renewal.

I got Adguard running. Maybe that protected me?

I would be very impressed if Adguard detected that it was an NZTA phishing attempt and then redirected you to the legitimate NZTA website. I haven't heard of any security software doing that before.

Oblivian

7285 posts

Uber Geek

ID Verified

#3066882 22-Apr-2023 11:30

https://checkshorturl.com

Always better than going to the shorteners site which can be equally as click aware as the dodgyness itself

It's now reporting moved/redirect 301. Likely given the.top abuse is so widespread.

Mighty Ape

Shop now on Mighty Ape (affiliate link).

yitz

2054 posts

Uber Geek

#3066883 22-Apr-2023 11:35

kingdragonfly: I got Adguard running. Maybe that protected me?

If you read the script it looks to be targeting mobile browsers only and redirects to the proper site if you are using desktop.

BlakJak

1249 posts

Uber Geek

Trusted

#3067026 22-Apr-2023 17:09

Not odd. Just clever. And sadly this is likely to catch people who are heavy mobile users (I dunno about you but most of the time this sort of transaction is done on my computer, not my phone).

No signature to see here, move along...

Ruphus

464 posts

Ultimate Geek

#3067076 22-Apr-2023 22:00

I had three people call me last weekend saying they had received an SMS from my number (+6421xxxxxx) saying the message was from the NZTA. I had to let them know it was a scam and to not respond to the message.

BlakJak

1249 posts

Uber Geek

Trusted

#3067080 22-Apr-2023 22:15

Each one of those people needs to forward to 7726. I reckon a lot of these scammers go unreported or unnoticed because authorities and carriers are not notified. Especially if the source number was forged.

No signature to see here, move along...

Wheelbarrow01

1711 posts

Uber Geek

Trusted

Chorus

#3067139 23-Apr-2023 00:44

Here’s the one I received at about 2.30 yesterday morning:

[EDIT: apologies for the massive screenshot - I uploaded it to GZ from my phone browser and it's just how it came out]

The views expressed by me are not necessarily those of my employer Chorus NZ Ltd

kingdragonfly

11096 posts

Uber Geek

Subscriber

#3067207 23-Apr-2023 08:42

Ruphus: I had three people call me last weekend saying they had received an SMS from my number (+6421xxxxxx) saying the message was from the NZTA. I had to let them know it was a scam and to not respond to the message.

I thought New Zealand carriers already preventing Caller ID Spoofing; Are we really lagging behind the US in government technology? It's not hard; if they haven't they really need to get their sh*t together.

American FCC, Federal Communications Commission, Stop Unwanted Robocalls and Texts

Unwanted calls – including illegal and spoofed robocalls - are the FCC's top consumer complaint and our top consumer protection priority. These include complaints from consumers whose numbers are being spoofed or whose calls are being mistakenly blocked or labeled as a possible scam call by a robocall blocking app or service. The FCC is committed to doing what we can to protect you from these unwelcome situations and is cracking down on illegal calls in a variety of ways:

Issuing hundreds of millions of dollars in enforcement actions against illegal robocallers.
Empowering phone companies to block by default illegal or unwanted calls based on reasonable call analytics before the calls reach consumers.
Allowing consumer options on tools to block calls from any number that doesn't appear on a customer's contact list or other "white list."
Requiring phone companies to implement caller ID authentication to help reduce illegal spoofing.
Making consumer complaint data available to enable better call blocking and labeling solutions.

kingdragonfly

11096 posts

Uber Geek

Subscriber

#3067209 23-Apr-2023 08:46

Enterprise Apps Today: American Robocalls Statistics

in the United States, Robocalls that were fraudulent accounted for 34% of all calls in 2020.

More than 56% of senior citizens receive at least seven robocalls per week.

In 2020, 40% of all incoming calls were scams.

Every second, around 2,700 robocalls are placed.

Every phone owner receives an average of 28 robocalls and texts every month.

By the middle of 2021, the average cost of fraudulent robocalls was $1,200.

In November 2021, there were over 7 billion robocalls in the United States.

Due to COVID-19-related robocalls, Americans lost around $13.4 million in May 2020.

89% of senior citizens in the United States have received at most one robocall every week in 2021.

Over 50 million residents Americans lost their money to a scam phone call in 2020.

In 2019, a spam call lasted an average of 45 seconds.

According to Market.us’, the chatbot market size is projected to reach USD 4.3 billion by 2032.

Males are more often victims of fraud than females.

As of July 2021, victims of scam calls suffered an average loss of $502.

Oblivian

7285 posts

Uber Geek

ID Verified

#3067371 23-Apr-2023 14:23

I wonder if the reply 1 to activate is utilising the Samsung hack

Have number, can do naughty

https://mashable.com/article/android-phones-exynos-modem-bug

1 | 2 | 3 | 4 | 5 | 6