This week, hundreds of thousands of New Yorkers received scam texts after their state’s official text messaging system was breached by hackers, according to a report from NBC News.
New York’s Office of Information Technology Services told NBC News that “around 188,000 people get text messages from the state and that around 160,000 received the scam text.”
Scam texts are on the rise. By now, you’ve probably been inundated by them. Text messages from scammers claiming they need your information for a package delivery. Or maybe there’s a mystery charge on your bank account. We’ve also reported on DMV scam texts, inflation refund scam texts, wrong number messages, and the list goes on.
However, this latest scam text campaign shows just how much the issue is escalating.
This week, a mobile text messaging service called Mobile Commons, with customers such as the New York state government, the charity Catholic Relief Services, and progressive organizing group Fight for a Union, was hacked. And once Mobile Commons’ systems were breached, the hackers weaponized the service to send scam texts to people who had signed up for text message updates from those organizations.
“On the evening of Monday, November 10th, an unauthorized third party gained illegal access to our platform through what we believe was a spear phishing attack or similar social engineering method,” Mobile Commons said in a statement to NBC News. “The intruder’s access was active for a four-hour period ending at 12:10 AM on November 11th before being detected and removed. During this time, multiple attempts were made to send spam messages through our system. A limited number of these messages reached subscribers before our security protocols identified and shut down the malicious activity.”
According to NBC News, the scam texts that were sent urged users to call a toll-free number in reference to a declined bank transaction involving a large sum of money. Of course, the transactions did not exist. The hacker’s aim is to convince its targets to call the number, assuming it’s a legitimate text from their banking institution, and then likely convince the user to complete a real transaction to fix the issue. In reality, that legitimate transaction would not go to the bank or nonexistent vendor, but to the scammers.
Mobile Commons told NBC News that user information was not accessed in the breach. However, the company declined to mention how many subscribers received the scam texts.
It’s also unclear how many people fell for the scam and suffered financial damages as a result.
Mashable would like to remind readers that the safest course of action is to never interact with a phone number or link claiming to be from a financial institution. Readers should instead contact the bank or credit company directly via their official phone number to check on the legitimacy of any such text message.
