Catch Of The Week: NMB&T Themed Smishing Scams

By REBECCA RUTHERFORD
Los Alamos
For the Los Alamos Daily Post

This week’s scam is a New Mexico Bank & Trust themed smishing scam!

What is smishing? Smishing (SMS phishing) uses deceptive text messages to trick victims into sharing personal information or clicking malicious links, while phishing uses fraudulent emails and fake websites to achieve the same things. 

It’s still a phishing scam, just via text message. 

In this case, I received the below text message this week:

 

Courtesy photo

This actually went to my Google Voice number, which helpfully tells me this may be spam- indeed!

Right off the bat, that’s not a New Mexico area code, I looked it up and it’s for the Bronx in NYC. 

The message has some major typos, and you might be wondering why. Wouldn’t you want to make the most realistic scam text possible? A couple reasons – in some cases, English is not their first language and they just make mistakes. But another reason is to try to filter out those who would notice the errors from those who don’t, as the ones who don’t are way easier to scam. And another surprising reason is to trick spam filters in emails and text services. Notice “on hold” is spelled “0n h0ld” by inserting numbers instead of letters, they hope to avoid that being caught by a spam filter.

The message claims your account is on hold and asks you to click the link to regain access, again classic move of trying to create a sense of urgency. This is super common in all smishing and phishing scams.

Finally, the link. Yikes! Big ol’ yikes. When looking at a website’s URL, you always want to determine the actual root domain, the text right before the “.com”. In this case, the actual root domain is “weebly.com”, ignore the gibberish before that. Weebly is a web hosting company, why on earth would a bank’s official website look like this? It wouldn’t. Below is a screenshot of the actual bank’s website.

Courtesy photo

So once again, nice try scammers, but pretty low quality effort here. That said, if you weren’t paying attention, were having an off day, whatever, you could miss the signs and still fall for it. Think before you click anything online, don’t let emotion cloud your judgement, take a look at it and figure out what’s really going on. Stay safe online, and if something feels off, it almost certainly is.

Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.

Search
LOS ALAMOS

ladailypost.com website support locally by OviNuppi Systems