Hundreds of thousands of New Yorkers received fraudulent messages this week after hackers hacked their state's official text messaging system, according to a report NBC News.
New York's Office of Information Technology told NBC News that “about 188,000 people are receiving text messages from the state and about 160,000 have received fraudulent texts.”
Scam texts on the rise. By now you've probably been inundated with them. Text messages from scammers claiming to need your information to deliver a package. Or maybe there's a mysterious fee in your bank account. We also reported DMV Fraudulent Messages, Fraudulent messages about inflation returns, messages with wrong numberand the list goes on.
However, this latest fraudulent text campaign shows how the problem is getting worse.
This week, the mobile text messaging service Mobile Commons, whose clients include the New York State government, Catholic Charities Relief Services and the progressive organizing group Fight for a Union, was hacked. And once Mobile Commons' systems were compromised, hackers weaponized the service to send fraudulent messages to people who had signed up for text message updates from those organizations.
Mashable Speed of Light
“On the evening of Monday, November 10th, an unauthorized third party gained unlawful access to our platform through what we believe is a spear phishing attack or similar social engineering technique,” Mobile Commons said in a statement to NBC News. “The attacker's access was active for four hours ending at 00:10 on November 11 before it was discovered and removed. During this time, several attempts were made to send spam messages through our system. A limited number of these messages reached subscribers before our security protocols identified and stopped the malicious activity.”
According to NBC News, the fraudulent messages sent urged users to call a toll-free number due to a declined bank transaction for a large amount of money. Of course, there were no deals. The hacker's goal is to convince their victims to call the number, assuming it is a legitimate message from their banking institution, and then likely convince the user to make an actual transaction to resolve the problem. In reality, this legitimate transaction will not go to the bank or non-existent supplier, but to the scammers.
Mobile Commons told NBC News that no user information was obtained as a result of the hack. However, the company declined to say how many subscribers received the scam messages.
It is also unclear how many people fell for the scam and suffered financial loss as a result.
Mashable would like to remind readers that the safest course of action is to never interact with a phone number or link impersonating a financial institution. Instead, readers should contact the bank or credit card company directly at their official phone number to verify the legitimacy of any such text message.
