GRTech
Sophos discovers SMS phishing scam that pretends to be Apple “chatbot”
BY Sandra Ani


If you think SMSes are dead, think again. SMS is still of great interest to businesses, and cybercriminals know it.
As this report from Naked Security explains, SMSes are still widely used because of their simplicity and convenience.
Indeed, as a general-purpose short message service – which is literally what the letters SMS stand for – it’s hard to beat, because any phone can receive text messages, from the fanciest smartphone to the cheapest pre-paid mobile.
If all you need to transmit is a 6-digit logon code or a “pizza driver now 2 minutes away” notification, SMSes still make excellent business sense.
Sadly, as Naked Security notes, what works for legitimate businesses almost always works for cybercriminals too, so there are plenty of crooks still using SMSes for phishing – an attack that’s wryly known as smishing.
You can see why SMSes work for crooks.
With just 160 characters per message, it’s easy for them to avoid the grammatical and stylistic blunders that they often make when they’re forced to produce longer-format email messages in a language they don’t speak well.
Better yet, business SMSes generally use URL shorteners to save space, giving the criminals an excuse to do the same.
URL shorteners convert lengthy but meaningful web addresses such as https://brandname.example.com/pizza-order.html?lang=en-US into a compressed but cryptic format such as https://xx.test/ABXt that frees up characters for the rest of the SMS, but disguises where the link is going to end up.
Hovering over a shortened link doesn’t help, because the link shown really is the website you’ll visit first: the shortening site itself, not the final destination.
The link shortening site uses the characters after the website name (ABXt in our made-up example above) as an index to look up the real destination and then sends an HTTP 301 Moved Permanently reply to tell your browser where to go next. You need to click through to the shortening site first before you find out where you are supposed to end up.
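The lookup-and-redirect behaviour described above, as an added example that is not part of the original article: ToyShortener is a constructed stand-in running on localhost that answers with 301 and a Location header, and expand() is a hypothetical helper that reads that header to list where a short link leads. It contacts only the hosts you name as shorteners and never requests the final destination.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

SHORT_LINKS = {  # constructed index -> destination table
    "/ABXt": "https://brandname.example.com/pizza-order.html?lang=en-US",
    "/q7": "/ABXt",  # constructed: a short link that points at another short link
}

class ToyShortener(BaseHTTPRequestHandler):
    def do_HEAD(self):
        target = SHORT_LINKS.get(self.path)
        if target is None:
            return self.send_error(404)
        self.send_response(301)  # 301 Moved Permanently
        self.send_header("Location", target)
        self.end_headers()

    def log_message(self, *args): pass  # silence per-request logging

def expand(url, shortener_hosts, max_hops=5):
    """Follow redirects on shortener_hosts only; other hosts are never contacted."""
    chain = [url]
    for _ in range(max_hops):  # hop limit also stops redirect loops
        parts = urlsplit(chain[-1])
        if parts.netloc not in shortener_hosts:
            break  # final destination: record it, do not request it
        cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
        conn = cls(parts.netloc, timeout=5)
        try:
            target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
            conn.request("HEAD", target)
            resp = conn.getresponse()
            location = resp.getheader("Location")
        finally:
            conn.close()
        if resp.status not in (301, 302, 303, 307, 308) or not location:
            break
        chain.append(urljoin(chain[-1], location))  # Location may be relative
    return chain

def demo():
    with HTTPServer(("127.0.0.1", 0), ToyShortener) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        host = "127.0.0.1:%d" % server.server_port
        try:
            return expand("http://%s/q7" % host, {host})
        finally:
            server.shutdown()
```

Calling demo() returns three URLs: the two short links on the toy shortener, then the brandname.example.com address, which is listed but never fetched.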
The SMS system, of course, doesn’t know anything about URLs or even about the internet – but it doesn’t need to.
Your phone’s operating system will happily recognise when the text in an SMS looks like a URL and automatically make it clickable for you.
So, when the crooks use shortened URLs in their smishing scams, they don’t look unusual or out of place, even though the crooks are doing it specifically to be treacherous and not to save space.
As a result, text messages that contain one short, clipped sentence that wouldn’t look right in an email, and that contain deliberately disguised links that we might be suspicious of anywhere else…
…look surprisingly natural when they show up in an SMS.
Like this one we received earlier this week. (We’re not called Christopher and we don’t live in Derry, which is in Northern Ireland. The incomplete address given is a genuine suburban street, presumably plucked from a map to make it seem realistic.)

Source: Naked Security
Dear Christopher, we have your packet in queue. Address: Londonderry, Ballynagard crescent
http COLON SLASH SLASH xxxxxxxx DOT com SLASH zzzzzzz
The message is meant to look as though it was sent to the wrong number, so the crooks are relying on you being intrigued enough to click through, whereupon they use some sneaky “reverse authentication” psychology to lure you in further.
The scam first shows you some cheery messages from a fake Apple chatbot to tell you why you – actually, to tell you why Christopher – had enough luck to be chosen to take part in an iPhone 12 trial, and then it invites you – actually, it invites Christopher – to join in:

Source: Naked Security
Here, the link looks genuine, but the blue characters are simply the clickable text of the link, not the URL that is the destination of the link.
At this point, you’re no longer in the SMS messaging app but have clicked through into your browser, so you can see where the fake link leads if you hover your mouse over it. (On a phone, tap-and-hold on the link until the destination pops up.)
But if you aren’t cautious, you might wonder whether “Christopher” really was part of some Apple pre-release group.
What if you claim Christopher’s promo for yourself?
In fact, what’s stopping you from simply clicking through as if you were Christopher and finding out for yourself?
Well, one thing is stopping you, namely that you have to “prove” yourself by giving your full name and address – except, of course, that the crooks helpfully leaked that information to you in the original text, making the “test” easy to pass.
You can guess what happens next:

Source: Naked Security
In case you’re wondering, the name-and-address answers above in part 3/5 don’t matter a jot. We tried clicking numerous different combinations and, unsurprisingly, the crooks let us through anyway. The questions are there just to provide a plausible connection back to the SMS that was meant for “Christopher” but that reached you instead. It’s as though the criminals are trying to “authenticate” themselves to you, rather than the other way around.
As you see above, if you do click through the questions then you end up on a scam site (there were several variations, all similar – we tried the smish repeatedly) where you find there’s a courier delivery charge for the “free” phone, typically between £1 and £2.
Then you end up on a credit card payment form that’s hosted on what looks like a “special offers” website with a believable enough name, and with an HTTPS security padlock if you take the time to look.
Of course, if you try to pay your modest delivery charge, you are simply handing over your personal data to the crooks, including your full card number and security code:

Source: Naked Security
How bad is this?
Is this really a big deal, given that most of us would back ourselves to spot this as a scam right from the start?
Yes, it is.
Many of us have friends or family – perhaps even an at-risk relative who has been scammed before – who wouldn’t be so sure, and for whom the reverse authentication trick of asking for “Christopher’s” name and address might be convincing enough to draw them in further.
And friends don’t let friends get scammed, so if ever you get asked by someone who relies on you for cybersecurity help, “So what would happen if I clicked through?”…
…you can show them the short video above and let them see how these scams play out – without having to click through yourself.
What to do?
The article recommends that:
1. There is no free phone
And if there were a free phone, you wouldn’t have to hand over your credit card details and pay £1 for it. You’re not getting something for nothing – you’re handing over something for nothing, and the crooks will use it against you. If you’re in any doubt, don’t give it out.
2. Keep your eyes open for clues
The crooks have made numerous spelling and visual blunders in this scam. We’re not going to help them by listing them all like your English Language teacher would have done at school, but there are quite a few things that just don’t look right, even if you assume that there really is a free phone at the end of this. You might not always notice every clue, but always give yourself the time to look and therefore the best chance to catch out the crooks.
3. Look at the link before you click
If anything looks wrong, it IS wrong. Even if the crooks don’t make any spelling or grammatical mistakes they almost always need to lead you to a website that they control.
Often, that means a bogus link that you ought to spot if you take your time. Never let yourself get rushed into clicking through, no matter how much the crooks play on your fear of missing out.
4. Consider a web filter
Network web filtering on your business network isn’t about surveillance, it’s about online safety. This helps you keep the bad stuff out, and helps your users keep the good stuff in, such as passwords and payment card numbers. Setting up a corporate VPN (virtual private network) means that users at home can browse securely back through the office network and enjoy the same protection that they’d have on the LAN at work.
[NB: The article was first published for Sophos by Naked Security]
The Economics of Product Decisions: Applying Behavioural Economics and Game Theory in PM


Product managers often need to make a clear-cut decision: what should we build next? But the decisions which hold real importance go beyond adding features.
It’s about getting what makes people tick.
It goes way beyond what you would expect, getting into how people behave and using game theory.
These areas give insight into how users decide and how a product’s design can improve growth and keep people interested.
This is what Amarachi Nnochiri excels at. She is a senior product manager who knows how to use economics and psychology in her job.
She goes beyond simply managing product tasks; she develops whole product systems based on how users think, feel, and use a service. Her background shows how understanding human psychology and behaviour can give you a significant advantage in the competition.
One idea Amarachi uses is “loss aversion.” In this scenario, people feel worse about losing something than they feel good about gaining something of equal value.
She uses this when designing her products, mostly when it comes to pricing and getting people to try new strategies. For example, instead of giving a free trial, she might use a freemium setup where users get some stuff for free but could lose it if they don’t buy an upgrade. This pushes them to pay.
She might also use progress bars or streak counters, since losing progress gets people to keep using the product.
Amarachi also uses ideas from “game theory” to get how users act and change their behavior. She realizes that users are doing more than operating a product, but are playing a game with other users or with the product itself. She designs things that use ideas like “Nash equilibrium,” where nobody can do better by changing what they’re doing. For a social product, this could mean creating a system where doing something good for yourself (like inviting friends) also helps everyone else. This makes the whole thing stable and positive.
Her know-how in game theory also applies to making strong “network effects.” This means making stuff that gets better as more people use it.
A good example is a social network where each new user makes the product more helpful for everyone else. Amarachi endeavours to make things go viral on purpose, not just by luck.
She might use “commitment devices,” which are things that make a user stick with a behaviour by making them depend on it socially or functionally. For example, inviting team members to a tool makes the user stick with the platform and makes the product’s network stronger.
This way of thinking is better than just following the usual steps. By using these economic and psychological tricks, Amarachi develops competitive advantages which are difficult to replicate.
She knows that a company’s best thing is not just a simple interface, but a product that’s designed to sync with how people behave.
Her product choices aren’t just about the needs of users, but equally focus on motivating them to like the product, use it, and stick with it.
In her work, choosing a subscription price isn’t just a business thing; it’s about behaviour. Designing a social feed isn’t just about the content; it’s about balancing what people want and watching how they interact. Amarachi knows extensively about the economics of product decisions. This makes her products innovative and appealing to human behaviour, which leads to more use, keeps people around, and helps the product grow. She’s a leader in product management, where identifying customer desires is backed by understanding human motivation.


Technology company Globacom has announced significant reductions in its International Direct Dialing (IDD) rates, making international calls more affordable for its existing and new customers across Nigeria.
Effective August 10, the new rates began applying to over 15 popular international destinations, including the United States, which has moved to ₦30 per minute, down from ₦35; the United Kingdom, now ₦350, down from ₦400; and India, down to ₦40 from ₦45.
The rates for China, Saudi Arabia and Cameroon, however, recorded major reductions, moving to ₦75, ₦300 and ₦700 respectively.
The reduction was also extended to African countries including Benin Republic, which goes for ₦650 per minute, Niger Republic ₦750, Ghana ₦500, and Togo ₦650. United Arab Emirates also moved from ₦450 to ₦325, Germany to ₦550, Côte d’Ivoire ₦700, Libya ₦700, while calls to Malawi are now ₦1,100, down from ₦1,200.
Glo aims to provide more value for its customers through these revised rates, encouraging them to make Glo their preferred network for international calls. New IDD bundles will also be introduced, offering frequent international callers even more attractive deals.
Globacom, which remained optimistic that frequent international callers will benefit immensely from the reductions in IDD bundles, enjoined customers to take advantage of the new rates to stay connected with friends and business associates across the globe.
Oil subsidy removal freed up resources for infrastructure – Enugu Governor
By Orji Israel, South East Correspondent


The Executive Governor of Enugu State, Peter Mbah, has attributed the financing of numerous infrastructure projects embarked on by the state government to the oil subsidy removal policy of the President Bola Ahmed Tinubu administration.
He made this declaration at the Government House, Enugu, during a courtesy visit by a federal government delegation led by the Minister of Information and National Orientation, Mohammed Idris, as part of activities lined up for the 2-day Citizens’ Engagement Series in the South East geo-political zone.
“For us in Enugu, we are able to accomplish all we promised our people during the campaign, thanks to the bold decision taken by President Bola Tinubu, which has freed up resources needed to execute humongous capital projects,” said the Governor, while listing ongoing projects in the state, which include the construction of 7,000 classrooms, 3,300 hospital beds and 2,000-hectare of 260 farm estates across the 260 wards of the state.
Governor Mbah also pledged more support for the policies of the federal government, saying they are in the best interest of the people of the state.