SMS based phishing attacks (Smishing) are a real threat that we see every day. To help you spot them in future, this is how they work.
At 17:52 pm today I received a text message from my mobile phone network, ‘EE’. I picked up the message at 18:08. This is what it said:
[EE]:We were unable to process your latest bill. In order to avoid fees, update your billing information via: https://ee.uk.billing45.com/?ee=2
(It’s not a real link. I’ve made it unclickable. Please don’t visit it…)
So that’s weird. Yes, I’m an EE customer and they send me text messages all the time. But that domain looks strange. Let’s check it out. What happens when I visit the link with Chrome on my Android phone?
It works! And it looks pretty real. That’s almost exactly what I see whenever I visit the EE site on my Android phone. However, four things stand out immediately:
- The domain is not a domain I trust. I’ve no idea who billing45.com are.
- The copyright statement is 2019. It’s over a month into 2020 now. Either EE generates this value dynamically or someone will have updated it by now.
- Most of the links in the footer do nothing. Some of them actually take you to real EE sites. The link to newsroom actually works…
- It’s got the secure padlock we’ve all been trained to look for. Looks legit, right? Maybe not.
When I open the site on my laptop however, Chrome gives me a big red warning message: