Increased SMS Phishing Attacks

I own hundreds of VOIP telephone numbers throughout every state's area codes which all forward to a single email inbox. The benefit of this is the immediate availability of different numbers for various purposes. The annoyance of this is the increasing number of SMS phishing attacks. On Friday, I received the following SMS message to five numbers which possess Illinois area codes.

"Illinois Department of Transportation (IDOT) Driver License Waiver Validation. Validate your details at https://forms.gle/EmxTZFNY8z7paZNb9"

This Google Forms address translated to the following URL:

https://docs.google.com/forms/d/e/1FAIpQLSfIQb0LIuvdtIodJnJiHiffnwgwNh8moq7qHioEouJEHZ9fPA/viewform

Screen captures are below:

This is obviously a phishing attack to steal people's identities, but let's dig in deeper. These messages arrived in chronological order to the numbers. My numbers have a structure similar to the following:

6185551212
6185551213
6185551214
6185551215
6185552000

The messages to the first four arrived within seconds of each other and the fifth number received the message about three minutes from the first. This makes me believe that the messages are being sent to blocks of telephone numbers regardless of whether they exist.

Using OSINT tools, I was able to identify the Gmail address associated with the Forms account. This account appeared within several breaches. A query of these breaches displayed the name and home address of the account owner, who is likely not involved in this scam. The passwords to all of the breaches associated with her email account were identical. The offender probably used her recycled password to access her Google account and generate the Google Form. I have attempted to contact her at a secondary email account, but have yet to receive a response.

The phone number sending the messages (5809542353) is a Verizon prepaid account, but may have been spoofed. I am intentionally leaving the number and URL within this post in case anyone receives these messages and conducts a search for details.

An hour later, I received a similar message to all of my Texas and California numbers. These all included custom forms for the Texas and California departments of motor vehicles.

I made several attempts to report all malicious forms to Google, but I do not expect to any response. As of today (Sunday), the links are still active. I currently have a script entering false details into these forms multiple times every minute until Google picks up the activity and removes the content. I realize I am preaching to the choir here, but please help spread the word to those less tech-aware.

The Privacy, Security, & OSINT Show – Episode 221

EPISODE 221-Anonymous Mobile Devices

This week I present my thoughts on anonymous mobile devices and offer two updates to the current books.

Direct support for this podcast comes from sales of my books, services, and online video training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.

SHOW NOTES:

INTRO:

AirTag Speaker Removal

BOOK UPDATES:

Total Cookie Protection
OSINT VM Issues

ANONYMOUS MOBILE DEVICES:

Tracking
IMEI
IMSI
ICCID
MSISDN
GrapheneOS
https://inteltechniques.com/grapheneos.html

Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Amazon: https://amzn.to/3eCjp7J

OSINT VM Updates

Things change quickly. Today, I made the following updates to the OSINT Virtual Machine:

Modified linux.txt, linux.sh, and updates.sh to update the "sudo" pip installation options. This resolves some path issues caused by my previous "update".

Modified linux.txt, linux.sh, reddit.sh, and updates.sh to update the installation, execution, and update process for 'Bulk Downloader For Reddit'. Note that this utility requires Python 3.9 and the automated script will not work until Ubuntu defaults to Python 3.9.

Overall, use the text files and scripts provided within the link from your book. If your recent build is not functioning properly, rebuild with the new files.

The Privacy, Security, & OSINT Show – Episode 220

EPISODE 220-Privacy, Security, & OSINT Potluck

This week I clear out all of my pending show notes and offer a variety of privacy, security, & OSINT topics. For better or worse, I present everything on my list which didn’t warrant a dedicated episode.

Direct support for this podcast comes from sales of my books, services, and online video training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.

SHOW NOTES:

INTRO:

AirTag Feedback

UPDATES:

None

NEWS:

None

PRIVACY, SECURITY, & OSINT POTLUCK:

CFAA Too Broad
Google Tracking Lawsuit
FBI IP Address Warrant
Apple iOS 15
Street View: Blur or Keep?
Breach Review: Criminal Networks
SwarmShop
RockYou2021: magnet:?xt=urn:btih:JEQMEEFTBXT35RJ3GUTGXU7HP3HBU5P6&dn
Raccoon Stealer
Common Law Name: https://commonlaw.name

Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Amazon: https://amzn.to/3eCjp7J

The Privacy, Security, & OSINT Show – Episode 219

EPISODE 219-Tracking (Or Getting Tracked) with AirTags

This week I discuss the tracking abilities (and concerns) of Apple AirTags, the latest privacy updates, plus a new OSINT resource.

Direct support for this podcast comes from sales of my books, services, and online video training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.

SHOW NOTES:

INTRO:

Community

UPDATES:

EP Book Updates
Video Training Updates

NEWS:

Amazon Sidewalk (June 8th)

TRACKING (OR GETTING TRACKED) WITH AIRTAGS:

Typical Use
Malicious Use
Network
iPhone Concerns
Android Concerns
Reactive Solutions
Proactive Solutions
https://apps.apple.com/us/app/lightblue/id557428110
https://play.google.com/store/apps/details?id=com.punchthrough.lightblueexplorer

OSINT:
https://userhunt.co/

Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Amazon: https://amzn.to/2B5svbH