It’s my pleasure to announce today that NumberCop has been acquired by Whitepages, the leading source for phone and digital identity data in North America.

NumberCop’s phone and text scam protection solutions will enable Whitepages to boost its phone reputation services and expand Whitepages’ spectrum of Caller ID based risk intelligence for both businesses and consumers.

Starting today, Whitepages will integrate NumberCop’s phone and text scam protection into Whitepages’ existing app portfolio, including Whitepages CallerID for Android.  Joining forces with Whitepages is an incredible opportunity to extend NumberCop’s mission to the Whitepages’ significant user base.  I am proud of the impact that this partnership will have to fight fraudsters and spammers and protect consumers and businesses from fraudulent calls and texts.  NumberCop’s Phone Spam Blocker services for iPhone and Android devices will operate until the end of 2015 .

I want to thank our users, customers and partners for your trust, support and business over the recent years and invite you to connect with Whitepages for ongoing insights about phone reputation for both consumers and businesses.  

Jan Volzke
Founder & CEO
http://numbercop.com

Quick summary from NumberCop’s Smishing and Vishing research lab: Malicious phone phishing campaigns resumed at full speed over the last two weeks; our data confirmed targeted Smishing attacks for: Bank of America, Wells Fargo, Chase, PNC Bank (Recording here), DirectExpress, Western Union, Visa and up north Scotiabank, TD Bank and Royal Bank of Canada.

Meanwhile many Verizon, AT&T and T-Mobile customers experienced another spike in spammy SMS chat-bots driving traffic to adult sites combined with numerous account take over attempts. Things appeared to be more quiet in UK and Australia as law enforcement stroke 3 times in these markets recently.

Weekly sampling attached. Contact us for in real-time threat intelligence via NumberCop’s API.

Welcome back to your weekly summary from the Vishing and Smishing front. After several calm weeks we’ve seen campaigns resume on regular intensity, targeting Bank of America, Wells Fargo, Chase, PNC Bank, Palametto FCU (CO), Boing Employee Credit Unions (WA). 

Several campaigns went through 3 or more targets in 48h, which we haven’t seen for a while. On the Vishing side activity was rather soft targeting a smaller group of Capital One (8559683131), Bank of America (7188889961), CBC FCU (CA) (8887585316) and again Boing Employee Credit Union (WA). 

AT&T and Apple account take over Smishing resumed as well. Internationally, Smishing was detected in Canada where Scotiabank and Bank of Montreal became targets, as well as Westpac (Australia).

Weekly sampling below or real-time via NumberCop’s API. Contact us for details.

And another quick summary of last week’s action on the Smishing and Vishing front in the Financial Sector. New Smishing activity was on the typical to low side with targeted campaigns for Bank of America, Wells Fargo (multiple campaigns), Chase, Bank of Montreal (Canada), Natwest (UK) and Barclays (UK), Vishing however continued to pick up. 

Two numbers were particularly active (8888931773, 8885030711) impersonating Suntrust (8888931773), EECU Credit Union (8885030711) and Texans Credit Union (8885030711). Recipients of these calls were informed about their Debit or Credit card accounts being blocked and prompted for their card credentials via IVR.

We’re closing our trackers for another mildly active Smishing week with only a handful records: Bank of America, Wells Fargo, Chase Bank, Talmer Bank, MBT Bank, Woodforest National Bank, Scotiabank (Canada) and Natwest (United Kingdom) were among the Smishing targets.

On the Vishing side Sunmark FCU issued an alert after a significant robocall phishing campaign via 888-203-3740. This campaign was geographically pretty broadly targeted, so we assume other FI’s in the Albany, NY / 518 area codes were affected.

Carrier account takeover attempts continued to target T-Mobile and Verizon customers. Group-SMS targeting 25 or less users are the preferred distribution channel for these campaigns and effective traffic drivers to well known phishing sites.

Finishing an atypical calm Smishing and Vishing week 4/14-4/20. Besides a few standard FI Smishing campaigns targeting Bank of America and Wells Fargo - NUMBERCOP tracked only a handful of additional targeted campaigns namely for Firth Third Bank and Omaha Mutual (NE). On the Vishing side M&T Bank area codes were hit again (consistently using caller ID 8774637786) and Barclays nation-wide (via 8664674713).

Internationally, Bank of Montreal (Canada) and Natwest (UK) were continued targets. We collected further details that Natwest’s Smishing campaign uses a Spoofed Sender ID, (instead of a hijacked Sender ID as believed earlier) for sending out Smishing text messages. With Natwest now being targeted non-stop for 2nd months it becomes evident how hard it is for an affected brand to shut down and non-compliant SMS VAS in the UK.

Within the wider Smishing news we recommend to follow a few sessions at this years RSA Security Conference taking place in San Francisco this week. In particular Cathal Mc Daid’s session on Smishing (details here, presentation attached) which should be largely in line with NUMBERCOP’s Spam Research.

As always please find our weekly Smishing sampling below and on our API for further details.

Quick recap as we’re wrapping up a another busy Smishing and Vishing week. Targeted attacks were recorded on Wells Fargo, Bank of America, PNC Bank (Recording: bit.ly/1GIMiY5), Fifth Third Bank, HarrisBank and once again Boeing Credit Union (Recording: bit.ly/1O1lzGF).

Looking abroad NUMBERCOP detected Smishing campaigns targeting Bank of Montreal (Canada), Natwest (UK), O2 (UK), British Telecom (UK), Tesco (UK) and Bancolombia (Colombia).

Back in the US renewed Vishing activity was tracked especially in the 2nd part of last week targeting M&T Bank, Barclay Card and again Boeing Credit Union. We also saw the re-emergence of SMS Chat bots, which have been notability absent since the beginning of the year.

Weekly sampling below or realtime via our API’s.

Here comes your NUMBERCOP Smishing summary for last week; majority of activity targeted Wells Fargo, Bank of America, Chase (significant activity), Regions Bank, Fifth Third Bank (OH), Chief Financial CU (MI), Boeing Credit Union (WA), South Side Bank (TX), Education First FCU (TX) and numerous generic “(Card Blocked)” campaigns.

Particular attention was on Boing Credit Union last week. The 4th largest credit union, which a very strong footprint in the Seattle (WA) metro area, was targeted multiple times last week, first via Vishing robocalls, followed by 2 distinct Smishing text campaigns.

Meanwhile in the UK Natwest type smishing (via hijacked Sender IDs) expanded even further with targeted attacks on Santander, after Lloyds Bank as reported previously.

Quick summary from the Smishing & Vishing front last week. NUMBERCOP tracked new targeted Smishing campaigns for Bank of America, Wells Fargo, Chase, BBVA Compass (Recording: bit.ly/1D2PO01), Alabama State Employee Credit Union and a continuation of NCUA’s (National Credit Union Association) debit card smishing.

The NCUA Smishing campaign used the associations reference only for it’s inbound IVR while text message lures were kept generic. While not targeted directly, this prompted alerts from a variety of CU’s incl. ICU Credit Union (MA), Regional FCU (IN), Peoples Bank (WI), Cape Cod Cooperative Bank (MA), Peoples Advantage FCU (VA), Security Credit Union (MI) and Wesla FCU (LA).

Most of last weeks action however was in Canada. With tax season in its final stretch Phishers targeted the Canada Revenue Agency (Canadian IRS) in a massive Smishing campaign driving traffic to a very high quality phishing site with links to 6 (fake) Canadian bank logins (ATB, BMO, CIBC, HSBC, RBC, TD Bank, Scotiabank, Laurentian Bank, Manulife Bank, National Bank and President’s Choice Financial). That same site also received traffic from a separate TD Bank Smishing campaign. Enough for prime time news about Smishing all over Canada last week.

Meanwhile in the UK NUMBERCOP collected further evidence of a widening Natwest’s Smishing campaign, which has now expanded to Lloyds Bank. With nearly identical syntax compared to Natwest this campaign hijacked (or spoofed) once again previously legit Sender IDs (Alphanumeric Shortcodes).

A few weekly samples below, please contact us for API access & live coverage.

Last week saw a very active Smishing week with targeted attacks on Wells Fargo, Bank of America, BBVA and Discover Card. Most of the action however targeted specific Credit Unions with Philadelphia FCU and especially Alabama State Employee CU. 

In parallel a general Smishing campaign “Your Credit Union card has been temporarily locked!” triggered alerts from Centinel Bank (NM), Peoples Bank (NM), Spokane Federal Credit Union (WA), River Bank & Trust (AL) and APCO Employees CU (AL). 

Interestingly, most inbound IVR recordings referenced “National Credit Union Association” (recording here) which recently educated its’ Credit Union Members about email phishing. NCUA’s timing was right, but they forgot to mention that phishing frequently uses SMS to attack those chronically under-protected mobile users.

Across the pond, Natwest (UK) Smishing continued for a third week, while new campaigns were recorded for BMNA (UK), Westpac (Australia) and TD Bank (Canada). Smishing traffic related to TD Bank continued on that url also for the 3rd week before getting disconnected by Goo.gl.