Hello, welcome to the Monday, July 25th, 2020 edition of the Sands and its Storms,

and its Stormcast, my name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Weaching talk, our handler from Singapore, came across an interesting fishing SMS message,

impersonating the inland revenue Revenue Authority of Singapore,

Singapore's Tax Authority.

In this example, the attacker did add some additional tricks to make the message more plausible.

First of all, the attacker spoofed the caller ID of the SMS message.

The caller ID used to then match a well-known Singapore bank.

By spoofing the caller ID, the message now shows up well in the same conversation as other messages that you received from the bank,

which of course makes it much more likely that a victim

will actually think the message is legit. Now what gave the message away here is that it sort

of followed a very common theme being used for a while now, and so users have learned to be

very of these type of messages. It basically states that the account was suspended because of a suspect transaction.

And then in order to restore access to the account, well, and help with the investigation also,

the victim should click on a link.

The link, of course, then leads to a phishing site, but only if the victim should click on a link. The link, of course, then leads to a fishing site,

but only if the victim uses a mobile browser.

If you're using a desktop computer,

well, then you will be blocked.

Also, if you are connecting from any of a known malware site,

IP address like VirusTotal and such, that will be blocked as well.

Block lists like this are not uncommon for fishing sites, and over the last few years, we have

...