The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) has warned T-Mobile customers in the state about an ongoing SMS-based phishing campaign.
"Similar to a recent SMiShing campaign targeting Verizon Wireless customers," NJCCIC says, "the message thanks the recipient for paying their bill and includes a malicious link to accept a free gift. The message, however, is sent via group text that includes a number of random recipients and was sent to the targets dozens of times over the course of three days. Customers were unable to block the unwanted messages since they were sent via group text."
T-Mobile told BleepingComputer the "smishing" campaign (which is called as such because the security community loves to create terrible new portmanteaus for different phishing methods) is unrelated to any of the numerous data breaches the company has suffered in recent years. It's not clear exactly how the company determined that, but there doesn't appear to be concrete evidence of the attackers using leaked data to inform their campaign, either.
The company says people "can mute the text thread to stop getting alerts if anyone replies." They can delete the message thread, too, although that won't stop new messages from arriving.
NJCCIC advises T-Mobile customers targeted by smishing campaigns like this one "to navigate directly to official websites and avoid clicking links delivered in SMS text messages from unknown contacts" and "refrain from providing sensitive information to unverified websites." People can also report active SMS-based phishing attacks by forwarding the messages to 7726—"SPAM"—to help companies and government organizations combat these campaigns.
Sign up for SecurityWatch newsletter for our top
Read more on pcmag.com