FTC Warns of Phishing Text Scam

The United States Federal Trade Commission is warning Americans to be wary of text messages purporting to be from their state workforce agency.

The FTC is raising the alarm following the discovery of an SMS-based phishing campaign targeting recipients of unemployment insurance benefits.

"Identity thieves are targeting millions of people nationwide with scam phishing texts aimed at stealing personal information, unemployment benefits, or both," said Seena Gressin, attorney at the division of consumer and business education at the FTC.

Several malicious texts are being sent out as part of the campaign. One informs the recipient that they need to "make necessary corrections" to their unemployment insurance (UI) claim. Another tells the target that they need to verify their personal information.

Cyber-criminals are also disseminating a phishing text message designed to trick the recipient into thinking that they need to reactivate their UI benefits account.

A targeted user who clicks on the link in one of these messages will be taken to a fake website impersonating their state workforce agency, which Gressin said "may look very real." Instructions on the site ask the user to enter a slew of personal details, including their login credentials and Social Security number. 

"Fraudsters can use the information to file fraudulent UI benefits claims or for other identity theft," warned Gressin.

The FTC published the details of seven different phishing texts currently doing the rounds. One reads "RI-DLT Labor: This is to notify you that your Rhode Island insurance claim account is currently on hold for verification. Please complete your verification by following the instruction link below to activate your account."

Two of the messages share an identical preamble: "We are making some exciting changes to improve your UI and PUA Benefit security features." 

Gressin urged anyone who receives a message like this from either their state workforce agency (SWA) or the National Center for Disaster Fraud to report it via the website ReportFraud.ftc.gov.

"Know that state agencies do not send text messages asking for personal information," said Gressin.

"If you get an unsolicited text or email message that looks like it’s from an SWA, don’t reply or click any link."
