In recent weeks, there has been a surge in reports of a widespread SMS phishing scam campaign targeting individuals across Malaysia. This campaign employs deceptive tactics to trick recipients into clicking on malicious links, potentially leading to financial losses or compromised personal information.
The Scam in Action The scammers behind this campaign are utilizing some distinct SMS messages to lure unsuspecting victims. Here are the examples of the SMS messages circulating:
Scam SMS Messages & Analysis:
Scam SMS 1:
“Maxis Points Service: Your current points account is 3,022 points and will expire in 24 hours. Use your points ASAP: goo[.]su/AQRQk?HQW=ruN8BfyZTG”
SMS SCAMMER
Scam SMS 2:
“NOTICE: Your item has been delivered to the warehouse but delivery is now suspended due to incorrect delivery address information. Please update your shipping address. is[.]gd/hq9qaa?AAy=Ti57dA0wHG (Reply with “Y” and then stop sending the text message and reopen it to activate the link, or copy the link and open it in Chrome)”
SMS SCAMMER
These links are known to redirect to the following malicious websites:
- is[.]gd/hq9qaa?AAy=Ti57dA0wHG > https://post-mys[.]shop/gov
- goo[.]su/AQRQk?HQW=ruN8BfyZTG > https://my-maxisj[.]top/bOK3Ta/
WARNING: DON’T ACCESS THESE LINKS OR SHARE THEM
Scam Indicators and Tips:
While the SMS messages may appear legitimate at first glance, there are several indicators that reveal their malicious nature:
- Unfamiliar Sender: The SMS messages originate from an unknown or unfamiliar number (e.g. 010-451 6167 > malicious number), which should raise suspicion.
- Urgent Language: Phrases like “will expire in 24 hours” or “delivery is now suspended” create a sense of urgency and pressure the recipient into taking immediate action.
- Suspicious Links / Short Redirection Links: The provided links use URL shorteners (goo[.]su, is[.]gd) to obscure the true destination, which is a common tactic used by scammers.
- Impersonation: The scammers attempt to impersonate legitimate businesses or services, such as Maxis or a delivery service, to gain credibility.
- Unusual Instructions: Instructions like “Reply with ‘Y’ and then stop sending the text message and reopen it to activate the link” are unusual and should raise red flags.
Protection Tips:
To protect yourself from falling victim to this scam, it’s essential to exercise caution and follow these best practices:
- Never click on links or follow instructions provided in unsolicited SMS messages, especially from unknown or suspicious sources.
- Verify the legitimacy of any claims or requests by contacting the company or service through official channels (e.g., website, customer support).
- Keep your mobile device’s operating system and security software up-to-date to protect against the latest threats and vulnerabilities.
- Be wary of URLs that use URL shorteners or appear suspicious, as they may lead to malicious websites.
Report Scams:
Report Scams to ScamCheck Malaysia If you have received these or similar SMS messages, or if you suspect that you have fallen victim to this scam, we encourage you to report the incident to ScamCheck Malaysia. By sharing your experience and providing details about the scam, you can help us raise awareness and prevent others from becoming victims.
To report a scam, visit our website at scamcheck.my/report or send us an email at report@scamcheck.my. Your information will be treated confidentially and will assist us in tracking and combating these types of scams more effectively.
Remember, staying vigilant and exercising caution are the best defenses against scams. By working together and raising awareness, we can create a safer environment for all Malaysians and protect ourselves from falling victim to these malicious campaigns.
