Saturday, May 14, 2016

Phishing, Smishing.

I received this text a little while ago. I've been receiving texts like it once every two or three weeks for a wee while now.

I know it's a scam. It's been well documented that this sort of thing is doing the rounds... but what doesn't seem to be so well documented is what I'm supposed to do with it.

For those that don't know, this is what's known as a phishing scam. Or, seeing as it's sent via SMS message, a smishing scam. In any case, the key fact is that it's basically an attempt to commit fraud.

When someone falls for it they click on the link contained in the text... which takes them to a website that looks exactly like a corporate,  Apple website.

It's a very convincing clone... and if you'd clicked on the link believing the message to be genuine, there isn't really any reason to suspect that it's not legit when you land here.

So I imagine plenty of people end up surrendering their Apple ID and password to the crooks responsible.

In some cases that would give them the ability to spend your money.

I used to see what I could see about who had registered the domain and when. This is what I found...

As you can see, it was registered via on  May 14th 2016. That's today.

Using a site with a dot BS domain seems rather fitting, although it turns out that the BS actually stands for the Bahamas.

It claims it was registered by someone called Peter Dawson although I'd be highly surprised if they were foolish enough to use their real name.

I don't really know, but from the outside looking in, I reckon it's fairly likely that a Peter Dawson has paid for it... it's just he's someone who'd fallen for the scam previously and is, as yet, unaware that his account has been compromised...

If the text had come from a number I'd know how to report it.

But it doesn't. It comes from an account called 'WARNING'. It's impossible for me to reply to. Or to block. Or, it seems, to report. Apparently the only course of action available to me is to delete it.

Which doesn't seem very satisfactory to me. It's not very community minded, for sure.

If someone tried - but failed - to mug me in the street, I can't imagine many people advising me to just ignore it. Because surely they're the sort of person who'll move on and try and mug someone else. Surely we should report attempted crimes, not just successful ones.

But that doesn't seem to be possible when someone tries to mug me via my phone. Ignoring it and deleting the text is, I'm told, the only thing to do. I don't even have a way of preventing those responsible from sending me more of the same. It's only if I fall for it that people will do something.

When I get spam emails I know how to block them. Or how to block emails that are like them. I know that, even if an email is lying about where it came from, someone, somewhere is able to follow the chain and work out where it really came from. I assumed the same would be true with text messages.

It seems not. It seems it is possible for someone to send thousands - probably hundreds of thousands - of texts to people without anyone being able to unravel where they originate from. Is there a good reason for this route to my phone to exist? Is there a sensible way of shutting this path down? Are there buttons I could press that would mean I could only receive text messages from identifiable sources? If there isn't... um... why isn't there? I guess there might be a reason. Is it achievable? Wouldn't less people end up getting defrauded if it were?

I know a handful of vulnerable people who would absolutely fall for this. Certainly I know one person who's fallen for a similar scam that arrived via email. It just seems a little odd to me that the phone companies provide this route to us - but don't have departments devoted to preventing this sort of abuse of the system.

Have I been given bad information or is there genuinely nothing for the community minded soul to do about this?


Unknown said...

Nominet (the .uk registry operator) have been aware of this phishing scam for at least a couple of weeks, but don't seem to be interested in doing anything about it :(

A large number of disposable Apple related domain names are being registered through (a Nominet accredited channel partner!) and used in these SMS phishing messages.

You could try to email, but I suspect that they won't be interested - generally registrars take the opinion that they aren't responsible for the content hosted on domains. The domain itself is violating trademarks though, so that could get the registration suspended (registrars can lock a domain if they suspect illegal activity, which will stop it working).

Also, (much like Nominet) are almost certainly already aware of this, but are happy to keep pocketing the money. :(

The web site is being hosted by UK2, so an email to will hopefully get the web site suspended.

Sadly, its a game of whack-a-mole - as soon as one is shut down, several more spring up!

Finally, you can also forward the SMS message to 7726 (see for your mobile operator to investigate.

Pod said...

You may find that your phone will allow you to block texts from sources outside your contacts, or a subgroup of trusted friends. I haven't tried, but it can certainly be done for calls...
Worth a look anyway.
Good luck.

Emma Spreadbury said...

Similar things happen offline with things coming through your letter box - fake charity bags and the like. You can't stop either I suppose.

I was chatting with a Year 7 class this week about how to trust the web, and they came up with a 5 star rating system applied to websites to give an indication as to its trustworthiness, which they would be compelled to display, like a hygine rating.

@J_D_Hathaway said...

I'd suggest trying to contact Apple to let them know someone is breaking copyright, trademark and intellectual property to commit fraud and damaging their brand and see how fast their lawyers get stuck in

Dave Gorman said...

@Edward Dore - Thanks for that. You have information that I think my phone provider should have been able to furnish me with. I know that with all these things it's wack-a-mole... but if it wasn't possible to send a text without being traceable in some way it would go a long way to at least closing down this route.

Dave Gorman said...

@Pod I don't want to only receive messages from people I know. I don't even insist on me being able to see who has sent every message. I just think it's ridiculous that nobody can see who has sent a message. Traceability is all I'm suggesting.

I know I've received useful texts from both courier companies and my doctor's surgery who send them from some kind of no-reply service. I'm fine with that. But no-reply doesn't have to mean not-traceable. Those could be sent and if they were abused, there could still be a way of my phone provider following it up and identifying the computer it was sent from etc etc.

Dave Gorman said...

@Emma Spreadbury: there's not a lot you can do to prevent things coming through the letterbox - unless you happen to be there when it happens - but it seems to me that this could be traceable, it's just apathy that means it isn't. Whether it's the phone company that actually responds, it seems like there ought to be some way of wack-a-mole wacking a bit quicker. If I call my phone provider, shouldn't they say, "forward it to us and we'll take a look"? And couldn't they have a direct line to nominet to say "take this site down"?

I mean, once the right person knows about this happening they can turn the tap off. So all the companies who carry these messages need to do is set up a line of communication with the right people... and train their staff to respond to the information. The idea that the official advice to an attempted fraud isn't "tell us and we'll act to stop more people falling foul of it" but "there's nothing anyone can do" is just a bit silly.

combineharvester said...

It's probably Bono and when you put your details in - you'll download U2's new album said...

I keep getting one from iTunes saying it wants more than forty pounds for a game I know that I didn't buy any thing off them so I leave it be but some people would fall for it

Unknown said...

Hi DG,
There's this nice guide that may help the community or at least worth sharing with friends and family.

You can forward the text to "SPAM" for your network but I'm not sure how much help that would do. One hopes it would at least get blocked if enough people did it - which relies on getting the word out. You've more twitter followers than me. (To be fair your cat has more than me, how is HRH?)

Andrew Sampson said...

As far as I'm aware no one is able to trace Internet numbers. They often come from networks outside of the UK and it makes it untraceable. This is, at least, what the police told me when I was trying to rid myself of a rather persistent telemarketer using the Internet to call me throughout the day. On the back of this I posed a hypothetical scenario to the officer I was talking to. If you wanted to embark on a campaign of harassment and you opted to use an Internet service to make calls/text. Could they do anything about it?

Shockingly, the answer was no.

As for the site, as has already been said, it's a game of whack a mole. In my opinion the best thing we can all do is try to educate one another about these threats.

RevK said...

Yeh other problem is that even when not a compromised SS7 system but a paid for SMS gateway, after some time you track it to being paid for by stolen card details, same as the domain. If you track the IP it may get you to someone that was sat outside a Starbucks using their wifi. And by the time you track any of this the accounts and domains have all been shut down and they are using new ones.

Anonymous said...

Would buy

James, Susie & Katy Lewis said...

I think there needs to be a lot more done to stop this, not to mention stamping out the various premium rate number scams. For starters, premium rate numbers should be banned and businesses should be made to register their numbers by law and not allowed to withhold them. It should be possible to block all overseas numbers too by opting out. I think it is disgusting and extremely questionable that more hasn't been done sooner.

James, Susie & Katy Lewis said...
This comment has been removed by the author.
Unknown said...

Thanks for this Dave. I had the exact same message when on holiday but i thought why would i go through a link on my phone to check this? I only ever access itunes/applestore via my laptop and surely apple would email me if there was a true problem, so I thought no more about the message and deleted it.

malleus bardorum said...

Edward's advice is pretty sound. Unfortunately, the problem is a bit more complicated because as a user, you need a bit of technical nous to be able to go back and check other things like the audit trail for registration, and even using tools like dig and traceroute to find out extended networking information that would give you the clues about which networks and hosting companies are involved

Rach said...

Are these comments going to form a found poem?

Rach said...

Are these comments going to form a found poem?

Anonymous said...

if a poem here
crap at poetry you be
crap at haiku too

Anonymous said...