top of page

New SMS phishing tool concerns and how to report "smishing"

New phishing tool Xeon Sender is causing ripples in the cyber security world. This versatile piece of software is being weaponised by cyber criminals to launch large scale SMS phishing campaigns, also known as “smishing”.



Xeon Sender’s potency lies in its ability to exploit legitimate cloud-based SMS providers. By using stolen API credentials from providers such as Amazon and Twilio, attackers can send out huge volumes of spam and phishing messages with ease.


The tool is extremely user-friendly, adding to the concerns. Initially developed as a Python-based program, Xeon Sender has evolved into a web-based version with a graphical interface, making it accessible to all, including less tech-savvy actors.


Xeon Sender is not the first bulk SMS services, which were initially designed for legitimate marketing purposes but have been abused to send unsolicited and malicious messages to unsuspecting victims.


Also increasing in popularity are SIM-swapping attacks in which a victim’s phone number is transferred to a new SIM card, after which attackers can intercept SMS-based messages including multi-factor authentication and password reset messages.


The implications are significant. Not only does Xeon Sender increase the volume and sophistication of Smishing attacks, it also underscores the importance of safeguarding API credentials and bolstering defences against SMS-based threats. As this tool continues to evolve, staying informed about its capabilities and usage is crucial for individuals and organisations alike.



Report a text message you think is a scam


Most phone providers are part of a scheme that allows customers to report suspicious text messages for free by forwarding it to 7726. If you forward a text to 7726, your provider can investigate the origin of the text and arrange to block or ban the sender, if it’s found to be malicious.


iPhone or iPad: How to forward a text message:


  1. Take a note of the number that sent you the message.

  2. Press and hold on the message bubble.

  3. Tap More.

  4. Select the message or messages you want to forward.

  5. Tap the arrow on the bottom right of your screen.

  6. Input 7726 and send.


Android: How to forward a text message:


  1. Take a note of the number that sent you the message.

  2. Enter the conversation then press and hold on the message bubble.

  3. Tap on the three vertical dots on the top right of your screen.

  4. Tap Forward.

  5. Input 7726 and send.



If 7726 doesn’t work, you can find out how to report a text message by contacting your phone provider.


Report a scam text using a screenshot or screen recording


You can also take a screenshot or screen recording of the text message and send it the NCSC at report@phishing.gov.uk


Why you should report suspicious text messages


The purpose of a scam text message is often to get you to click a link. This will take you to a website which criminals use to download viruses to your computer, or steal passwords or other personal information. This is known as 'phishing'. Most people either delete or ignore these texts. But reporting a suspicious text is free and only takes a minute. By reporting, you can:


  • reduce the amount of scam texts you receive

  • make yourself a harder target for scammers

  • protect others from cyber crime online


Did you know...


21,000 scams were removed as of July 2024 as part of the 7726 service.


If you've responded to a scam text message


If you’ve lost money or have been hacked as a result of responding to a suspicious phone call, you should report it:


  • In England, Wales or Northern Ireland, visit www.actionfraud.police.uk or call 0300 123 2040.

  • In Scotland, report to Police Scotland by calling 101.


 

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

 

Comentarios


The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page