Unwanted text from your private number? don’t hunt

Verizon logo on the phone

Sarah Teo / CNET

Have you ever received a suspicious text message that appears to come from your private number? you are not alone. Several Verizon customers reported receiving similar messages this week, encouraging them to click on a mysterious link to get a gift. The carrier says it is working with the police to stop these messages.

“Verizon is aware that bad actors are sending unsolicited text messages to certain customers that appear to come from the customer’s private number,” a Verizon representative said in an emailed statement. “Our team is actively working to block these messages, and we have worked with US law enforcement to identify and stop the source of this fraudulent activity.”

A relative of a CNET team member obtained a text that matches a description of similar messages received by other Verizon customers and called in at Social media and news reports. “Free message: Your bill has been paid for the month of March,” the message read. “Thank you, this is a small gift for you.” The message included a mysterious link that made it impossible to know what it was about.

Cat-2022-03-29-at-7-46-16-am

This unsolicited text message was received by a relative of a CNET team member. The message looked as if it came from the person’s phone number.

Chris Bockert/CNET

In some cases, the links in these texts direct people to what appears to be a Verizon customer survey. “Dear Verizon customer, we would like to personally thank you for always paying your Verizon bills on time by giving you a free Apple Watch Series7!” The message says. “All we ask is that you answer a few quick questions about your recent experiences with Verizon services.” The message ends with a link to take the survey, encouraging the recipient to go through it ASAP because “This exciting offer is only available today.”

The slight increase in spam messages received by mobile phone users comes after The US government has doubled down on its fight against robocalls. Last year, the US Federal Communications Commission tasked phone and cable companies with implementing a technology called Stir/Shaken designed to curb the flow of unwanted calls by requiring voice providers to verify the source of calls. However, this move led criminals to explore other ways to continue trying to deceive mobile users.

“Stir/Shaken has shut down one way,” Clayton Liabraten, senior advisory board member for Truecaller, which makes a spam-blocking and caller ID app, told CNET in December. But it makes already qualified criminals more sophisticated and sinister in their scams.

A Verizon customer who received a spam message was almost identical to the message a relative of a CNET employee received that was posted about it in December on the Verizon Community Blog, asking if the message and link were some sort of phishing attempt. “We can’t confirm that it’s a valid link,” a Verizon customer support representative said in response to the post. We recommend not to press it.

Spam scripts like these are one of many forms of phishing, in which hackers use human error to gain access to sensitive information, usually by exploiting loopholes in the victim’s tech expert. Instead of a brute force attack, the cybercriminal pretends to be a legitimate organization or a familiar face – in this case texts from the victim’s phone number – and issues a call to action that looks fun or urgent (giving victims a little time to think twice). Hackers can use a technique called “plagiarismTo conceal their identity by deliberately falsifying the information transmitted to display your caller ID.

After luring you into a false sense of security and taking the bait, the scammer nets your sensitive information. Phishing attempts are not limited to mobile phones. They can disguise As quizzes or surveys on social media too, with questions designed to trick you into revealing information you might use to verify your accounts.

If you receive a mysterious text message that encourages you to click on a link, check the origin of the message before taking any other action, even if the contact appears legitimate — including your phone number.