Threat Alert: MMSPHISHING Used to Steal Confidential Information

• There has been a significant uptick in phishing attacks carried out via the multimedia messaging service (MMS) on mobile devices.
• They have been observed on messaging applications like WhatsApp and Line.
• These attacks use a variety of lures. However, they all deliver a legitimate-seeming image, followed by texts that provide additional details and ask for a response.
• Lures have sought to impersonate trusted brands, like PayPal or FedEx, as well as individuals like U.S. Federal Reserve Chair Jerome Powell.
• These attacks aim to steal various confidential information from the recipient.

Key Actions at Work and at Home 

• Do not engage with unusual or suspicious text or MMS messages. Don’t click unknown links, download apps or files, or reply to unknown senders.
• Report spam and suspicious text messages. Use the spam reporting feature in your messaging app. (Processes vary based on your device and wireless service provider.) Forwarding suspicious text messages to 7726 (which spells “SPAM” on a traditional English keypad) is also an option in many countries. By reporting, you help providers identify