14 DAY TRIAL // Cloudmark warns that cybercriminals are sending out phishing SMS messages in an attempt to trick the customers of US-based mobile operators into handing over their account login credentials. The attackers are abusing Twilio and the URL shortening service ow.ly in their campaign.
Experts say that over a quarter of a million mobile users have received the phishing SMSs. Twilio has been abused to send out more than 385,000 messages from around 2,500 unique phone numbers.
The scammy messages read something like, “Congratulations! You have been randomly selected to receive an account Credit.” Another variant reads, “Hurray! You are one lucky customer getting a 5% discount on your next month balance, please login.”
“Excellent! You are one lucky customer getting a 35% discount on your next month balance, please visit [link],” a third version of the phishing messages reads.
When users access the link from a mobile phone, they’re taken to a phishing page that replicates the legitimate login site of a mobile operator. If the link is clicked from a desktop version of the web browser, a 404 error page is displayed.
This tactic enables the cybercriminals to prevent their phishing pages from being flagged by anti-abuse services.
The fact that they’re utilizing the ow.ly URL shortening service is not random. Unlike other similar services, ow.ly doesn’t check the original URL and it doesn’t have a system for reporting abuse.
“URL shortening services like ow.ly and advanced telecommunications services like Twilio offer real value to individuals and organizations, lowering the barriers to communication and connection – usually a great thing. But they’re also open to abuse, and they need to recognize their part in helping to prevent it,” Cloudmark’s Mike Acar noted in a blog post.