Police in Manchester has arrested an individual recently for sending out thousands of fraudulent text messages to people, hoping to obtain sensitive details such as bank account information and defraud them.
The Manchester Evening News reports that the 21-year-old man sent almost 26,000 short text messages in one day, from SIM cards connected to multiple mobile devices. The texts purported to be from a package delivery service.
The rest took place on 17 June in a room at the Ibis Hotel on Charles Street in the city centre of Manchester, where the scammer has taken a room and was using it as the headquarters of the phishing operation.
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
The fraudster is likely to belong to a larger gang, and probably just one of the foot soldiers who was caught in the act of performing the risky part of the business for the more important players that run the larger operation.
Arresting officers discovered electronic equipment that could be used for SMS phishing, which is also known as smishing. The text messages claimed to be from the Hermes parcel delivery company.
According to the police, the operation was quite large and could deliver tens of thousands of fraudulent messages every day. It is estimated that close to 26,000 texts were sent on the day of the arrest.
At least some of the messages were sent through EE, one of the largest mobile network operators and internet service providers in the United Kingdom, with over 27 million subscribers.
The messages informed potential victims of a missed delivery and asked for banking information. The number of individuals falling victim to the scam remains undisclosed.
On examination of the seized electronic devices, Greater Manchester Police said in a statement that they stored a total of 44,000 mobile phone numbers.
It appears that the man was caught when hotel staff became suspicious when they noticed him carrying a number of large cables in a bag, and alerted the authorities in Manchester.
Mark Astbury, Detective Inspector of Greater Manchester Police’s City of Manchester Central division, said: “What we have uncovered here are potentially the components of a highly sophisticated and authentic scam that I know many people not just in Greater Manchester but across the country have been potential victims of in recent weeks and months.”
People in the UK receiving suspicious text messages allegedly from Hermes should report the phishing attempt, contact the police online, or call 101.
It was later noted by phishing expert JCyberSec on Twitter that it is not only the fraudsters ‘opsec’ skills that needed to be improved, as it was discovered that GMP’s media relations team failed to remove the metadata from the image with their press release. While it has now been removed, metadata can include potentially sensitive information.
If you’re looking to boost your cybersecurity defences against social engineering attacks and looking for IT support in Doncaster, get in touch today.