Detecting Scam Text (SMS) Messages

I regularly get unsolicited phone calls, but those are easy to handle. I normally don’t answer calls from numbers that are not in my phone’s contacts. On the rare occasions when I do answer, I have found the best thing to tell them is “I don’t do business with people who randomly call me on the phone.”

Text messages (SMS messages) are a different story: they appear on my phone whether they are solicited or not. Below is a recent scam text message I received. The senders are trying their best to get me to click the URL link.

I will step you through the problems I found with this text message.

  1. Most legitimate companies I deal with do not use a real phone number. They now use a 5-digit code like “59842” to send texts. Also, the text message used the country identifier “+1” for the USA. Lastly, this number was not in my address book.
  2. Have you ever heard of NRSC Poll? They may be a legit company. If you want to fill out a survey, search for NRSC Poll and see the results. If they ask for any personal info, be cautious.
  3. The text message gave a deadline, so you must respond quickly. Why? Probably because the hacker knows that this domain has a limited life.
  4. Do we talk like the example in the text message? “Quick vote!” We aren’t voting, it’s a poll.
  5. Let’s check out the domain! First, item 2 said it was an NRSC poll. Why doesn’t the URL contain “NRSC”?

To check out domains, I use https://whois.domaintools.com/. Type the domain into the search box and press Search. Example: win-gop22.com. When I followed these steps for this domain, I found suspicious items:

  • Yellow highlight: The domain was created on the same day the text message was sent. This is suspicious.
  • Red highlight: The domain’s registrant information was redacted for privacy. Why would a legitimate company or organization need privacy? Very suspicious.

An email address is provided (green highlight) where you can report abuse. It is different for every domain. You can’t report abuse to GoDaddy if WordPress is the domain registrar. GoDaddy has a form to report abuse on their website: https://supportcenter.godaddy.com/AbuseReport?

Here is the original text of the message. I want search engines around the world to be able to index this page to warn others of scams:

NRSC LIVE POLL: BIDEN-HARRIS APPROVAL. We want to hear your thoughts on the DISASTROUS Biden-Harris Administration. All responses are due by MIDNIGHT. Take action RIGHT NOW, so your voice is heard. Quick vote! http://win-gop22.com/x6bpdNA
Text STOP to END
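
The checks from the walkthrough above can be written down as a small triage script. This is an added example, not part of the original post: check_sms and its parameters are hypothetical names, the sender number and dates are constructed placeholders, and the WHOIS facts are typed in by hand after a manual lookup.

```python
import re
from datetime import date
from urllib.parse import urlparse

URGENCY = re.compile(r"\b(midnight|right now|due by|quick)\b", re.I)
URL = re.compile(r"https?://\S+", re.I)

def check_sms(sender, body, claimed_org, received, in_contacts=False,
              domain_created=None, registrant_redacted=False):
    """Return the red flags from the walkthrough that apply to one SMS.
    domain_created and registrant_redacted are typed in from a manual WHOIS
    lookup; when domain_created is None the domain-age check is skipped."""
    flags = []
    # Item 1: full phone number instead of a short code (US short codes are 5-6 digits).
    if len(re.sub(r"\D", "", sender)) > 6:
        flags.append("sender is a full phone number, not a short code")
    if not in_contacts:
        flags.append("sender is not in the address book")
    # Items 3 and 4: deadline and pressure wording.
    if URGENCY.search(body):
        flags.append("deadline or pressure wording")
    # Item 5: the linked domain does not contain the organization named in the text.
    for url in URL.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if claimed_org.lower() not in host:
            flags.append(f"link domain {host} does not contain {claimed_org}")
    # WHOIS: domain created on the day the text arrived; registrant hidden.
    if domain_created is not None and (received - domain_created).days < 1:
        flags.append("domain created the same day the text was sent")
    if registrant_redacted:
        flags.append("registrant information is redacted")
    return flags

# Body is the message quoted on this page (shortened). The sender number and
# the date are constructed placeholders; the page does not state them.
SAMPLE_SENDER = "+1 555 555 0100"
SAMPLE_DATE = date(2022, 1, 1)
SAMPLE_BODY = ("NRSC LIVE POLL: BIDEN-HARRIS APPROVAL. All responses are due by "
               "MIDNIGHT. Take action RIGHT NOW, so your voice is heard. "
               "Quick vote! http://win-gop22.com/x6bpdNA\nText STOP to END")

if __name__ == "__main__":
    for flag in check_sms(SAMPLE_SENDER, SAMPLE_BODY, "NRSC", SAMPLE_DATE,
                          domain_created=SAMPLE_DATE, registrant_redacted=True):
        print("-", flag)
```

A single flag proves nothing on its own; it is several of them on one message that marks it as suspicious.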
