Scammers used New York state text message alert system to send 166,000 scam texts
This week, a significant security breach in New York’s official text messaging system has left many residents vulnerable to scam texts, as reported by NBC News. Approximately 188,000 individuals typically receive text messages from the state, and alarmingly, around 160,000 of them were targeted by fraudulent messages. This incident underscores the escalating problem of scam texts, which have become increasingly common in recent years. From alerts about phantom package deliveries to notifications of mysterious charges on bank accounts, scammers are constantly innovating their tactics to deceive unsuspecting victims.
The breach occurred at Mobile Commons, a mobile text messaging service that serves various clients, including the New York state government and charitable organizations. According to Mobile Commons, hackers gained unauthorized access to their platform on the evening of November 10, likely through a spear phishing attack, which is a targeted attempt to steal sensitive information. The breach lasted about four hours, during which the intruder sent out multiple spam messages before the company’s security measures intervened. The scam texts specifically urged recipients to call a toll-free number regarding a fictitious declined bank transaction involving a substantial amount of money. The goal of the scammers was to trick individuals into believing they needed to rectify a banking issue, potentially leading to financial loss when victims unwittingly provided personal information or funds to the scammers.
While Mobile Commons reported that no user information was compromised during the breach, the exact number of subscribers who received the scam texts remains undisclosed. Furthermore, it is still uncertain how many individuals fell victim to the scam and incurred financial losses as a result. In light of this incident, experts recommend that individuals exercise caution when receiving unsolicited messages from financial institutions. The safest approach is to refrain from engaging with any questionable phone numbers or links and to contact banks or credit companies directly using official contact information to verify the legitimacy of any communications. As scam texts continue to proliferate, staying informed and vigilant is crucial for protecting personal information and financial security.
This week, hundreds of thousands of New Yorkers received scam texts after their state’s official text messaging system was breached by hackers, according to a report from
NBC News
.
New York’s Office of Information Technology Services told NBC News that “around 188,000 people get text messages from the state and that around 160,000 received the scam text.”
Scam texts are
on the rise
. By now, you’ve probably been inundated by them. Text messages from scammers claiming they need your information for a package delivery. Or maybe there’s a mystery charge on your bank account. We’ve also reported on
DMV scam texts
,
inflation refund scam texts
,
wrong number messages
, and the list goes on.
However, this latest scam text campaign shows just how much the issue is escalating.
This week, a mobile text messaging service called Mobile Commons, with customers such as the New York state government, the charity Catholic Relief Services, and progressive organizing group Fight for a Union, was hacked. And once Mobile Commons’ systems were breached, the hackers weaponized the service to send scam texts to people who had signed up for text message updates from those organizations.
“On the evening of Monday, November 10th, an unauthorized third party gained illegal access to our platform through what we believe was a spear phishing attack or similar social engineering method,” Mobile Commons said in a statement to
NBC News
. “The intruder’s access was active for a four-hour period ending at 12:10 AM on November 11th before being detected and removed. During this time, multiple attempts were made to send spam messages through our system. A limited number of these messages reached subscribers before our security protocols identified and shut down the malicious activity.”
According to NBC News, the scam texts that were sent urged users to call a toll-free number in reference to a declined bank transaction involving a large sum of money. Of course, the transactions did not exist. The hacker’s aim is to convince its targets to call the number, assuming it’s a legitimate text from their banking institution, and then likely convince the user to complete a real transaction to fix the issue. In reality, that legitimate transaction would not go to the bank or nonexistent vendor, but to the scammers.
Mobile Commons told NBC News that user information was not accessed in the breach. However, the company declined to mention how many subscribers received the scam texts.
It’s also unclear how many people fell for the scam and suffered financial damages as a result.
Mashable would like to remind readers that the safest course of action is to never interact with a phone number or link claiming to be from a financial institution. Readers should instead contact the bank or credit company directly via their official phone number to check on the legitimacy of any such text message.
