Scammers Target Alabamians with Fake ALDOT Text Scam

Today, we are going to look into the smishing scam that has been going around in the State of Alabama. The scammers are posing as the Alabama Department of Transportation (ALDOT) using a fake website to try and lure in victims. The scam has gotten so bad that ALDOT has had to put out an advisory to warn people about avoiding the scam. Let’s briefly go over what these scams are and then take a deeper dive into the scam from the technical perspective.

Quick overview of ‘SMISHING’ scams:

Smishing is a phishing attempt that uses text messages as the delivery medium. The threat actors will often pose as organizations and use fear tactics to get you to send over personally identifiable information that can be used for identity fraud or to drain your bank account. Phishing attacks can have a devastating effect on individuals, families, and organizations. In fact, the International Association of Financial Crimes Investigators reported that in 2022 there were over 300,000 complaints for phishing-related incidents.

A technical look at the scams:

I wanted to figure out more information about the scams to see if I could pin it back to any specific group. To accomplish this, I used any.run, which is a malware sandbox application that lets you safely browse links without infecting your network. I do not recommend that you click on the links yourself if you received them, as you never know if there could be any specific malware or other viruses in them.

I began my investigation by going through some open-source resources. Reddit can be invaluable, as oftentimes many people will go to these platforms when they get smishing texts that have affected them or their loved ones. Through this research, I was able to compile a list of domain names that the hackers were using. An alarming number of the links started with alabama.gov and then included a hyphen. This indicates to me that the scammers are trying to fool people into thinking it’s an actual Alabama government website, and this tactic is quite common among phishers.
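The "alabama.gov followed by a hyphen" pattern works because readers match the start of a link, while the real owner of a hostname is decided by its end. The following check is an added example, not part of the original investigation: it pulls URLs out of a text message and compares each hostname against a trusted domain by suffix. The sample message, its `.example` hostnames, and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the domains the recipient genuinely trusts.
TRUSTED = {"alabama.gov"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample text; the hostnames are placeholders, not observed indicators.
SAMPLE_SMS = (
    "ALDOT: You have an unpaid toll. Pay now at "
    "https://alabama.gov-tollpay.example/pay to avoid fees. "
    "Info: https://www.alabama.gov/ or http://tolls.example.net/x"
)


def host_of(url):
    """Return the lower-cased hostname only (no port, path or userinfo)."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed URL, e.g. unbalanced brackets
        return ""
    return host.rstrip(".")


def classify(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unrelated' for one URL."""
    host = host_of(url)
    for dom in trusted:
        # Genuine: the host IS the domain, or ends with ".<domain>".
        if host == dom or host.endswith("." + dom):
            return "trusted"
    for dom in trusted:
        # Lookalike: the trusted name is embedded in the host but is not
        # its suffix, e.g. "alabama.gov-<word>.<tld>".
        if dom in host:
            return "lookalike"
    return "unrelated"


def scan_message(text, trusted=TRUSTED):
    """Classify every URL found in a message body."""
    urls = [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]
    return [(u, classify(u, trusted)) for u in urls]
```
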

I proceeded to go through a few links, but most seemed to be inactive. Yet the servers were responsive for quite a few of the links, which indicates to me that the threat actors are shutting off the websites and turning them on at specific times.

I did finally manage to find a link that did work. I ran it through any.run, which is a malware sandbox, and it loaded up a website that is tailored for mobile websites. It includes stolen graphic design from Alabama government websites which, on a cell phone, could look alarmingly similar if you are someone who has visited official websites.

After going through a few links that all seemed to be inactive we finally came across a link that did work. What we learned is that the scammers are trying to mimic an ALDOT website by using logos and branding all prevalent in actual Alabama government websites. The website is clearly designed for mobile devices, and on a mobile device, it can clearly seem like an authentic website!

Upon clicking on the ‘Pay Toll’ link, it brings you to a page where it wants personally identifiable information. We suspect that they are harvesting this information for further phishing attempts, because once a scammer knows a victim is susceptible to being fooled by the attacks, the more likely they are to continue doing these types of schemes.

Tips

Please be careful when you receive a text message with any links, especially if those links are asking for money. You should not click on the links or provide any personal information. Moreover, if you get a text message claiming to be from a certain organization and demanding money, you should visit the office in person or contact the organization through its official phone number.

Lastly, you can and should report these types of smishing scams to the Federal Trade Commission, which has a task force that is countering these scams. You can go to https://reportfraud.ftc.gov/ and it only takes a few minutes!