14 DAY TRIAL // Malwarebytes Labs' William Tsing published a report detailing the mechanics behind an SMS-based phishing campaign aimed at job seekers.
The malicious SMS campaign uses targeted text messages to redirect victims to a phishing web page where they are asked to enter personal information after reviewing a "job offer."
After studying the job scam and hitting the "Apply Now" button, the target is directed to a form where the attackers ask the victim to enter the full name, the e-mail address, and phone number.
The unsuspecting job hunter is also made aware on the phishing page that "All fields are mandatory, you will be contacted by one of our representants withing 24 hours of submiting your details."
Although the attackers can ask for any information they may think of, in this case, they probably only went for those three pieces of info because of phishing campaign "requirements" or "restrictions."
SMS phishing campaign will usually redirect the victim to a phishing page designed to exfiltrate info to the attacker's servers
Following a click on the "Submit Details" button at the bottom of the form, the malicious page sends all the entered information to the attacker's servers and redirects the victim to the official website of the "job poster" to avoid raising any questions.
According to a study quoted by Tsing in his report, the scammers are most probably targeting almost half of the job market where around 49 percent of all workers are not happy with their jobs.
If you are hunting for a job and you want to land a new one as fast as possible, make sure that you don't fall for SMS scams especially since it's quite easy to detect them.
More precisely, if you'll ever get an SMS saying that you can work from home and earn more than triple your current salary, you can delete the message with absolutely no regrets because there's a 99% chance that it's a trap.