Scammers used New York state text message alert system to send 166,000 scam texts
This week, a significant cybersecurity breach affecting New York’s official text messaging system has left hundreds of thousands of residents vulnerable to scam texts. According to a report by NBC News, New York’s Office of Information Technology Services revealed that approximately 188,000 individuals receive text messages from the state, and around 160,000 of them were targeted by the recent scam. This alarming incident underscores the escalating issue of scam texts that have become increasingly prevalent in today’s digital landscape. Many people are familiar with these unsolicited messages, which often claim to require personal information for package deliveries or alert recipients to supposed unauthorized charges on their bank accounts.
The breach occurred when Mobile Commons, a mobile text messaging service utilized by various organizations, including the New York state government and several charities, was compromised. In a statement to NBC News, Mobile Commons explained that the unauthorized access was likely achieved through a spear phishing attack or a similar social engineering tactic. The breach lasted for about four hours, during which time scammers exploited the platform to send fraudulent messages urging recipients to call a toll-free number regarding a fictitious declined bank transaction. The goal was to trick individuals into believing they were communicating with their financial institution, leading them to provide sensitive information or make payments that would ultimately benefit the scammers.
While Mobile Commons assured that user information was not accessed during the breach, the extent of the damage remains unclear, particularly regarding how many recipients fell victim to the scam. Experts advise the public to exercise caution and refrain from engaging with any unsolicited texts claiming to be from banks or financial institutions. Instead, individuals should verify the legitimacy of such communications by contacting their bank directly using official contact information. This incident serves as a stark reminder of the vulnerabilities inherent in digital communication systems and the importance of remaining vigilant against increasingly sophisticated scam tactics.
This week, hundreds of thousands of New Yorkers received scam texts after their state’s official text messaging system was breached by hackers, according to a report from
NBC News
.
New York’s Office of Information Technology Services told NBC News that “around 188,000 people get text messages from the state and that around 160,000 received the scam text.”
Scam texts are
on the rise
. By now, you’ve probably been inundated by them. Text messages from scammers claiming they need your information for a package delivery. Or maybe there’s a mystery charge on your bank account. We’ve also reported on
DMV scam texts
,
inflation refund scam texts
,
wrong number messages
, and the list goes on.
However, this latest scam text campaign shows just how much the issue is escalating.
This week, a mobile text messaging service called Mobile Commons, with customers such as the New York state government, the charity Catholic Relief Services, and progressive organizing group Fight for a Union, was hacked. And once Mobile Commons’ systems were breached, the hackers weaponized the service to send scam texts to people who had signed up for text message updates from those organizations.
“On the evening of Monday, November 10th, an unauthorized third party gained illegal access to our platform through what we believe was a spear phishing attack or similar social engineering method,” Mobile Commons said in a statement to
NBC News
. “The intruder’s access was active for a four-hour period ending at 12:10 AM on November 11th before being detected and removed. During this time, multiple attempts were made to send spam messages through our system. A limited number of these messages reached subscribers before our security protocols identified and shut down the malicious activity.”
According to NBC News, the scam texts that were sent urged users to call a toll-free number in reference to a declined bank transaction involving a large sum of money. Of course, the transactions did not exist. The hacker’s aim is to convince its targets to call the number, assuming it’s a legitimate text from their banking institution, and then likely convince the user to complete a real transaction to fix the issue. In reality, that legitimate transaction would not go to the bank or nonexistent vendor, but to the scammers.
Mobile Commons told NBC News that user information was not accessed in the breach. However, the company declined to mention how many subscribers received the scam texts.
It’s also unclear how many people fell for the scam and suffered financial damages as a result.
Mashable would like to remind readers that the safest course of action is to never interact with a phone number or link claiming to be from a financial institution. Readers should instead contact the bank or credit company directly via their official phone number to check on the legitimacy of any such text message.
