William Tsing of Malwarebytes Labs has published a report detailing the technique behind an SMS-based phishing campaign targeting people looking for work via the internet.
The malicious SMS campaign uses targeted text messages to redirect victims to a phishing webpage that asks them to enter personal information after reviewing a job offer.
Essentially, when the interested person examines the ad and clicks on the banner "Apply Now" he is redirected to a form in which he enters a name, address e-mail and phone number.
The funny thing is that the phishing page informs users that "All fields are required, we will contact you within 24 hours after submitting your details".
After clicking on "Submit Details" at the bottom of the form, the malicious page sends all the registered information to the attacker's servers and then redirects the victim to the official job search website to avoid suspicion.
According to Tsing 's study, the hackers target almost half of the labor market where about 49% of all employees are not satisfied with their work.
So, if you are looking for a job, make sure you do not fall over a phishing page. More specifically, if you ever receive an SMS saying that you can work from home and earn more than three times your current salary, you can delete the message without regrets, because 99% of it is a trap.