Watch out for phishing SMS messages: "Please settle the payment immediately"

For at least a few days, customers of various operators have been receiving SMS messages demanding that they settle a debt caused by an alleged negative balance accumulated on the SIM. The operator Orange is warning about these extortion attempts, having twice noticed increased activity by the scammers during the week.

Watch out for phishing SMS messages that look like this in the original:

Irregular debt in the amount of PLN 4 will block outgoing connections. Link to payment valid 2h: hxx://otworz.to/0Do9


Or like this:

"... Please settle the payment immediately 6zl. The previous transaction was wrong. www[.]idz[.]do/7z"


A request to pay 4.5 or 6 zlotys (depending on the campaign) may arrive under various sender names: "INFORMACJA", "PRZYPOMINAM", "Rachunek" or "ALERT".

The link in these messages leads to a phishing site that impersonates the Dotpay internet payment operator. The malicious message campaigns aim to extort money from the victim's bank account.

We warn readers against opening suspicious messages on their devices. In this particular case we are dealing with "non-dangerous" phishing that is easy to identify by the address of the website on which the victim lands after being redirected from the shortened link (hxx://otworz.to/0Do9 or www[.]idz[.]do/7z). In extreme cases, when the criminals redirect to a malware download instead of a phishing page, a device no longer supported by its manufacturer may lack the security patches needed to protect the smartphone from malicious software that gains root privileges. Removing such a pest without technical knowledge will then be really difficult.
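
One way to automate the checks described above (sender label, a demanded amount, a link through the named shorteners, and the address of the landing page), as an added example that is not part of the original article. The function names and the way the indicators are combined are assumptions, and the caller supplies the impersonated brand's real domain to `lands_on_brand`.

```python
import re
from urllib.parse import urlsplit

# Indicators quoted in the article; how they are combined is this example's assumption.
SHORTENERS = {"otworz.to", "idz.do"}
SENDERS = {"INFORMACJA", "PRZYPOMINAM", "RACHUNEK", "ALERT"}
AMOUNT = re.compile(r"PLN\s*\d+|\d+\s*z[lł]", re.I)
URL = re.compile(r"(?:http://|www\.)[^\s\"')]+", re.I)

def refang(text):
    """Undo the defanging used in reports: 'hxx: //', 'hxxp://', 'www [.] x [.] y'."""
    text = re.sub(r"\s*\[\.\]\s*", ".", text)
    return re.sub(r"\bh(?:xx|tt)p?s?\s*:\s*//\s*", "http://", text, flags=re.I)

def host_of(url):
    """Host without a leading 'www.'; '' if the URL cannot be parsed."""
    try:
        host = urlsplit(url if "://" in url else "http://" + url).hostname or ""
    except ValueError:  # e.g. unbalanced brackets in the host part
        return ""
    return host[4:] if host.startswith("www.") else host

def link_hosts(body):
    return {host_of(m.group(0)) for m in URL.finditer(refang(body))} - {""}

def triage(sender, body):
    """Return the indicators from the article that this SMS matches."""
    checks = {
        "generic sender label": sender.strip().upper() in SENDERS,
        "payment amount": bool(AMOUNT.search(body)),
        "shortened link": bool(link_hosts(body) & SHORTENERS),
    }
    return [name for name, hit in checks.items() if hit]

def lands_on_brand(landing_url, brand_domain):
    """True only if the final page's host is the brand domain or a subdomain of it."""
    host = host_of(refang(landing_url))
    return host == brand_domain or host.endswith("." + brand_domain)

# Constructed samples modelled on the two messages quoted above.
SMS_1 = ("Rachunek", "Irregular debt in the amount of PLN 4 will block outgoing "
         "connections. Link to payment valid 2h: hxx: //otworz.to/0Do9")
SMS_2 = ("ALERT", "Please settle the payment immediately 6zl. The previous "
         "transaction was wrong. www[.]idz[.]do/7z")

if __name__ == "__main__":
    for sender, body in (SMS_1, SMS_2):
        print(sender, triage(sender, body))
```

A landing page whose host merely contains the brand name, for instance as a leading subdomain of an unrelated domain, fails `lands_on_brand`, which is the same address check the article recommends doing by eye.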
