The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) issued a warning on Thursday of a new SMS phishing campaign targeting T-Mobile customers.
Phishing attacks are usually sent out via spam email and use convincing messages to trick the victim into revealing personal data or credit card information. The Short Message Service (SMS) has also been prominently used as a medium for phishing attacks, which is also named Smishing (SMS + phishing).
In this case, the message thanks recipients for paying their T-Mobile bill and includes a malicious link to accept a free gift. This message is virtually identical to a recent phishing campaign targeting Verizon Wireless customers.
The message, which has recipients selected at random, is also sent via group text, so customers are unable to block the phishing messages even if they wanted to.
Victims were likely targeted due to past breaches that impacted T-Mobile, according to the NJCCIC. The agency operates within the state’s Office of Homeland Security and Preparedness and deals with these types of cybersecurity incidents.
In its statement, the NJCCIC advised users to navigate directly to official websites and avoid clicking links delivered in SMS text messages from unknown contacts. The agency also recommended that customers avoid providing sensitive personal information to unverified websites.
T-Mobile customers who received the phishing messages are urged to report the spamming number by forwarding it to 7726 (SPAM).