The bad actors of the world continue to try to exploit users’ desire for a “free lunch,” as users on the Verizon network have reported receiving text messages that appear to be coming from their own phone numbers, offering them a free gift if they tap or click an included link.
The messages appear as if they came from the user’s phone and tapping the phone number in the sender’s details redirects to the user’s own Contacts entry.
The spam texts – which contain phrases like “free msg,” “bill is paid,” and “gift” – somehow evade Verizon’s own spam protection, and The Verge’s Chris Welch notes that the texts even manage to get past the iOS “Filter Unknown Messages” feature on his iPhone.
— alex lanstein (@alex_lanstein) March 28, 2022
Welch says the link in the message appears to be relatively benign – when he clicked the link in the message, it would take him to Channel One Russia, a Russian state television site. Other users indicate they have been taken to other Russian sites.
While these links appear to be harmless, messages such as these are often used as an ingredient in SMS phishing (smishing) scams. These scams involve bad actors impersonating official communications and websites from reputable firms (like your cell carrier) to trick users into entering account information.
Any time you receive an unsolicited text or email, never click the links or open any attachments that may be included in the communication.