Something Phishy

Everybody gets spam e-mail; it's the curse of an electronic society. I forget the stats of the percentage of all e-mails that are spam, but if my memory serves me right, it's higher than you would expect*.

In the USA at least, getting spam via SMS (or even iMessage) is a growing problem. As more and more financial institutions send text messages as alerts, it is an obvious target to phish for financial login credentials*.

Sunday morning I received the following text message:


The URL was obviously not Wells Fargo and was a junk throwaway one, but I was curious, so I clicked the link in an isolated browser environment.


OK, so they weren't trying too hard. Even the Wells Fargo logo was from a ClipArt site.

Every now and again I'm interested in just who is hosting these sites, and I report them in the hope that they are taken down quickly. I'm normally pretty successful at this depending on the hosts.

Turns out TuCows were the DNS Host. I e-mailed their abuse address and they e-mailed me back a good 24 hours later saying "where's the problem". GoDaddy are really bad for this too.

The host was Yahoo. I gave up trying to report it to Yahoo. Turns out this is a very common place to host phishing sites. I also reported it to Google, to Wells Fargo and to the US Government's Anti-Phishing service.

I realize that taking one site down means that there are still thousands of other sites out there, plus it is a losing battle unless we can automate it. However, if you don't try, the battle will definitely be lost. If I stop one person from being ripped off I will have achieved something.

I should have reported it to CloudFlare; they run a major DNS and have the pull with others.

I then went out car shopping for the day.

This morning I checked the site again and saw this...


I also checked DNS... seems it has been removed - at least from CloudFlare whose service I use.

You're welcome.

*Googling spam percentages is left as an exercise for the reader.

*Two-factor authentication will not stop you giving away your login credentials to these sites but hopefully will stop them being used before you can change them, assuming that the 2FA being used is not SMS.

