Connect with us


Sophos discovers SMS phishing scam that pretends to be Apple “chatbot”

BY Sandra Ani



Sophos report on SMS scams

If you think SMSes are dead, you need to have a rethink. In fact, SMS is still of big interest to businesses and cybercriminals know about this.

If you consider this report coming from Naked Security, you will understand they are still widely used because of their simplicity and convenience.

Indeed, as a general-purpose short message service – which is literally what the letters SMS stand for – it’s hard to beat, because any phone can receive text messages, from the fanciest smartphone to the cheapest pre-paid mobile.

If all you need to transmit is a 6-digit logon code or a “pizza driver now 2 minutes away” notification, SMSes still make excellent business sense.

Sadly, and as noted by Naked Security, however, what works for legitimate businesses almost always works for cybercriminals too, so there are plenty of crooks still using SMSes for phishing – an attack that’s wryly known as smishing.

You can see why SMSes work for crooks. Start a 

With just 160 characters per message, it’s easy for them to avoid the grammatical and stylistic blunders that they often make when they’re forced to produce longer-format email messages in a language they don’t speak well.

Better yet, business SMSes generally use URL shorteners to save space, giving the criminals an excuse to do the same.

URL shorteners convert lengthy but meaningful web addresses such as https://brandname.​​pizza-order.html?​lang=en-US into a compressed but cryptic format such as https://xx.test/ABXt that frees up characters for the rest of the SMS, but disguises where the link is going to end up.

Hovering over a shortened link doesn’t help because the link denotes the actual website you’ll visit.

The link shortening site uses the characters after the website name (ABXt in our made-up example above) as an index to look up the real destination and then sends an HTTP 301 Moved Permanently reply to tell your browser where to go next. You need to click through to the shortening site first before you find out where you are supposed to end up.

The SMS system, of course, doesn’t know anything about URLs or even about the internet – but it doesn’t need to.

Your phone’s operating system will happily recognise when the text in an SMS looks like a URL and automatically make it clickable for you.

So, when the crooks use shortened URLs in their smishing scams, they don’t look unusual or out of place, even though the crooks are doing it specifically to be treacherous and not to save space.

As a result, text messages that contain one short, clipped sentence that wouldn’t look right in an email, and that contain deliberately disguised links that we might be suspicious of anywhere else…

…look surprisingly natural when they show up in an SMS.

Like this one we received earlier this week. (We’re not called Christopher and we don’t live in Derry, which is in Northern Ireland. The incomplete address given is a genuine suburban street, presumably plucked from a map to make it seem realistic.)

Naked Security

Source: Naked Security

Dear Christopher, we have your packet in queue. Address: Londonderry, Ballynagard crescent

http COLON SLASH SLASH xxxxxxxx DOT com SLASH zzzzzzz

The message is meant to look as though it was sent to the wrong number, so the crooks are relying on you being intrigued enough to click through, whereupon they use some sneaky “reverse authentication” psychology to lure you in further.

The scam first shows you some cheery messages from a fake Apple chatbot to tell you why you – actually, to tell you why Christopher – had enough luck to be chosen to take part in an iPhone 12 trial, and then it invites you – actually, it invites Christopher – to join in:

Naked Security

Source: Naked Security

Here, the link looks genuine, but the blue characters are simply the clickable text of the link, not the URL that is the destination of the link.

At this point, you’re no longer in the SMS messaging app but have clicked through into your browser, so you can see where the fake link leads if you hover your mouse over it. (On a phone, tap-and-hold on the link until the destination pops up.)

But if you aren’t cautious, you might wonder whether “Christopher” really was part of some Apple pre-release group.

What if you claim Christopher’s promo for yourself?

In fact, what’s stopping you from simply clicking through as if you were Christopher and finding out for yourself?

Well, one thing is stopping you, namely that you have to “prove” yourself by by giving your full name and address – except, of course, that the crooks helpfully leaked that information to you in the original text, making the “test” easy to pass.

You can guess what happens next:

Naked Security

Source: Naked Security

In case you’re wondering, the name-and-address answers above in part 3/5 don’t matter a jot. We tried clicking numerous different combinations and, unsurprisingly, the crooks let us through anyway. The questions are there just to provide a plausible connection back to the SMS that was meant for “Christopher” but that reached you instead. It’s as though the criminals are trying to “authenticate” themselves to you, rather than the other way around.

As you see above, if you do click through the questions then you end up on a scam site (there were several variations, all similar – we tried the smish repeatedly) where you find there’s a courier delivery charge for the “free” phone, typically between £1 and £2.

Then you end up on a credit card payment form that’s hosted on what looks like a “special offers” website with a believable enough name, and with an HTTPS security padlock if you take the time to look.

Of course, if you try to pay your modest delivery charge, you are simply handing over your personal data to the crooks, including your full card number and security code:

Source: Naked Security

Source: Naked Security

How bad is this?

Is this really a big deal, given that most of us would back ourselves to spot this as a scam right from the start?

Yes, it is.

Many of us have friends or family – perhaps even an at-risk relative who has been scammed before – who wouldn’t be so sure, and for whom the reverse authentication trick of asking for “Christopher’s” name and address might be convincing enough to draw them in further.

And friends don’t let friends get scammed, so if ever you get asked by someone who relies on you for cybersecurity help, “So what would happen if I clicked through?”…

…you can show them the short video above and let them see how these scams play out – without having to click through yourself.

What to do?

The article recommends that:

1. There is no free phone

And if there were a free phone, you wouldn’t have to hand over your credit card details and pay £1 for it. You’re not getting something for nothing – you’re handing over something for nothing, and the crooks will use it against you. If you’re in any doubt, don’t give it out.

2. Keep your eyes open for clues

The crooks have made numerous spelling and visual blunders in this scam. We’re not going to help them by listing them all like your English Language teacher would have done at school, but there are quite a few things that just don’t look right, even if you assume that there really is a free phone at the end of this. You might not always notice every clue, but always give yourself the time to look and therefore the best chance to catch out the crooks.

3. Look at the link before you click

If anything looks wrong, it IS wrong. Even if the crooks don’t make any spelling or grammatical mistakes they almost always need to lead you to a website that they control.

Often, that means a bogus link that you ought to spot if you take your time. Never let yourself get rushed into clicking through, no matter how much the crooks play on your fear of missing out.

4. Consider a web filter

Network web filtering on your business network isn’t about surveillance, it’s about online safety. This helps you keep the bad stuff out, and helps your users keep the good stuff in, such as passwords and payment card numbers. Setting up a corporate VPN (virtual private network) means that users at home can browse securely back through the office network and enjoy the same protection that’t they’d have on the LAN at work.

[NB: The article was first published for Sophos by Naked Security] is on a critical mission; to objectively and honestly represent the voice of ‘grassrooters’ in International, Federal, State and Local Government fora; heralding the achievements of political and other leaders and investors alike, without discrimination. This daily, digital news publication platform serves as the leading source of up-to-date information on how people and events reflect on the global community. The pragmatic articles reflect on the life of the community people, covering news/current affairs, business, technology, culture and fashion, entertainment, sports, State, National and International issues that directly impact the locals.


IASP Luxembourg: Chinwe Okoli Speaks on Soludo’s Innovation Agenda




SID In IASP Luxembourg
Chinwe Okoli speaking at IASP in Luxembourg

“We want Anambra to be known as a destination for innovation, the next Startup State, home for digital Talents, the home of the smart digital tribe”

Ms Chinwe Okoli, the Special Adviser to the Governor of Anambra State on Innovation and Business Incubation addressed the global innovation ecosystem leaders at the 40th IASP World Conference on Science Parks and Areas of Innovation took place at the European Convention Centre, Luxembourg.

SID In IASP Luxembourg
Chinwe Okoli and other world ecosystem leaders at IASP in Luxembourg

The conference with the theme, “𝐌𝐞𝐠𝐚𝐭𝐫𝐞𝐧𝐝𝐬 𝐢𝐧 𝐈𝐧𝐧𝐨𝐯𝐚𝐭𝐢𝐨𝐧 𝐄𝐜𝐨𝐬𝐲𝐬𝐭𝐞𝐦𝐬: 𝐖𝐡𝐚𝐭 𝐚𝐫𝐞 𝐭𝐡𝐞 𝐢𝐦𝐩𝐚𝐜𝐭𝐬 𝐟𝐨𝐫 𝐒𝐓𝐏𝐬 & 𝐀𝐎𝐈𝐬?” was an exceptional gathering of global innovation stakeholders from over 55 countries. The three-day conference presented an opportunity for the best innovation districts, science parks and areas of innovation in the world to connect and exchange best practices.

Solution Innovation District, Anambra State was prominent in the conference as Ms Okoli addressed the conference on the topic: “𝐇𝐚𝐫𝐧𝐞𝐬𝐬𝐢𝐧𝐠 𝐭𝐡𝐞 𝐔𝐧𝐭𝐚𝐩𝐩𝐞𝐝 𝐏𝐨𝐭𝐞𝐧𝐭𝐢𝐚𝐥 𝐨𝐟 𝐀𝐧𝐚𝐦𝐛𝐫𝐚 𝐃𝐢𝐠𝐢𝐭𝐚𝐥 𝐓𝐫𝐢𝐛𝐞: 𝐀 𝐂𝐚𝐬𝐞 𝐟𝐨𝐫 𝐃𝐞𝐯𝐞𝐥𝐨𝐩𝐢𝐧𝐠 𝐂𝐨𝐮𝐧𝐭𝐫𝐢𝐞𝐬.”

She shared the transformative power of the Anambra State Government’s innovation program and highlighted the aspirations of Professor Charles Chukwuma Soludo, the Governor, and efforts in nurturing a robust innovation ecosystem in the State to unlock new opportunities and drive technological progress towards making Anambra the digital and creative capital of Nigeria.

Solution Innovation District (SID) is driven by the Anambra State Government, dedicated to fostering the growth of technology, innovation and entrepreneurship ecosystem.

Ms Okoli restated the commitment of the administration of Governor Soludo towards building the one -of -a kind district in Anambra State, stated the key and ambitious goals of grooming one million Anambra Digital Tribe, startups and digital entrepreneurs and in the end, she called for global partnership.

“Our Mantra in Anambra State is Everything Technology and Technology Everywhere

“At SID, we are activating and developing a dynamic and inclusive ecosystem of the future, Our focus is that in a very short time, Anambra becomes the go-to place for the supply of skills/talents on deep technology -Artificial Intelligence, cybersecurity, robotics, blockchain, Data science, Software Engineering, IoT, Cloud Computing etc.

“Let’s impact the world from the light of the nation, in the biggest country in Africa, let’s do digital magic with the Anambra Digital Tribe”.

SID In IASP Luxembourg (4)
SID In IASP Luxembourg

IASP, the International Association of Science Parks and Areas of Innovation, is the leading association of innovation ecosystems worldwide.

This organization actively unites and empowers a network of managers overseeing areas of innovation, science parks, research parks, innovation districts, knowledge cities, and various other innovation spaces. It’s the driving force behind the exchange of cutting-edge knowledge and best practices, propelling innovation on a global scale.

Continue Reading


Sophos Launches Wi-Fi 6 Access Points

Sophos supports shift to hybrid environments with new generation of remotely managed, reports SANDRA ANI



Sophos wireless launch -

Sophos, a global leader in innovating and delivering cybersecurity as a service, today announced the Sophos AP6 Series to support the shift to hybrid environments with a new generation of remotely managed Wi-Fi 6 access points.

The new offering adds another component to Sophos’ secure access portfolio, which includes Sophos Firewall and Sophos Switch.

“With cloud-managed Wi-Fi, Sophos is addressing the need for more scalable, remote-managed Wi-Fi solutions that support the increasing number of connected devices and the proliferation of IoT systems,” said Daniel Cole, vice president of product management at Sophos. “This combination of our Sophos AP6 Series and Sophos Switches provides channel partners with a consolidated single vendor access solution strategy, easing the burden and overhead cost of managing multiple disparate systems from different vendors. Many access layer networks are still operating at 1 Gigabit speeds. With the significant performance enhancements in Wi-Fi 6, the industry has a great opportunity to review and modernize the network ecosystem that wireless is deployed into. Sophos’ solution dissolves a common bottleneck at the physical layer and can boost the total network performance of a company’s Wi-Fi infrastructure.”

Sophos AP6 models – including 420E, AP6 840, AP6 840E and the outdoor AP6 420X – have at least one built-in 2.5 Gigabit interface for faster LAN connectivity. 

When combined with the Sophos multi-Gigabit switches, which also support 2.5 Gigabit Ethernet, companies can unlock faster speeds across the entire network. With the AP6 420E and 840E devices, which support Wi-Fi 6E, companies can additionally use the 6 GHz band, which is a newer, less congested space, offering high performance for the latest devices. 

Sophos access points can be remotely managed in the cloud-based Sophos Central platform alongside a broader range of solutions than any other vendor.

This enables partners to oversee all customer installations, respond to alerts, and track licenses and upcoming renewal dates via a single, intuitive interface. Additionally, there is an on-premises interface administrators can take advantage of for on-AP settings.


The Sophos AP6 Series is available for immediate purchase exclusively through Sophos’ global channel of partners and managed service providers (MSPs). 

Continue Reading


Sophos Launches Incident Response Retainer



​Sophos Uncovers New Connections Between Hive, Royal, and Black Basta Ransomware
  • Sophos Retainer Cuts Red-Tape, Allowing Sophos Incident Responders to Quickly Investigate and Remediate Active Attacks
  • Shorter Attacker Dwell Times Require Faster Response, as Indicated in Sophos’ New Active Adversary Report for Tech Leaders

Sophos, a global leader in innovating and delivering cybersecurity as a service, has announced its new Sophos Incident Response Retainer, which provides organizations with speedy access to Sophos’ industry-first fixed-cost incident response service that includes 45 days of 24/7 Managed Detection and Response (MDR).

The retainer cuts red tape, allowing Sophos incident responders to quickly jump into active cyberattacks to investigate and remediate them. External vulnerability scanning and critical preparedness guidance are also included in the retainer, enabling organizations to proactively improve their existing security resilience by pinpointing and resolving issues that reduce the likelihood of a breach in the first place. 

At a time when attacker dwell time is steadily shortening, as revealed in a new 2023 Active Adversary Report for Tech Leaders that Sophos published today, time to locate and evict adversaries is critical in limiting damage and completely stopping nefarious endgames, such as data breaches and ransomware. The report indicates that median adversary dwell time continued to plummet, from 10 days in 2022 to eight days in the first half of 2023; for ransomware alone, the time between initial access and impact dropped from nine days to just five. Adversaries also preferentially carried out attacks during targets’ night and weekend hours, with only 9.6% of ransomware incidents taking place during the targets’ daytime business hours.

The single most common attack times were Fridays between 11 p.m. and midnight in the targets’ local time zones.

“Incident response retainers help organizations prepare in advance for the fastest response time possible to defend against active cyberattacks. Due to today’s complex and mixed-vendor computing environments, skills shortages, evolving attacker behaviors, and cyber insurance requirements, it’s critical that all organizations have pre-determined incident response plans in place.

Tangible ‘readiness’ is now a key component for cyber resilience,” said Rob Harrison, vice president, product management at Sophos. “Adversaries will often abuse the same weakness in a single system, and it’s not unusual for multiple, different attackers to go after the same target if there’s potential exposure. Sophos’ goal is to immediately stop active attacks and make sure complete remediation is achieved, regardless of how many hours it takes. We are the only security vendor that offers this caliber of retainer services for urgent security incidents.”

“Sixty-five percent of organizations suffered a significant breach event in the last 12 months despite considerable investments in cybersecurity tools, according to IDC ransomware research,” said Chris Kissel, research vice president, security and trust products, IDC. “Dealing with unexpected cyberattacks is time sensitive, stressful and a large financial commitment. The only way to save time, reduce costs and mitigate the impact of a breach is to have an experienced incident response team in place and lined-up ready to go – before attackers strike.”

The Sophos Incident Response Retainer is available in three tiers through Sophos partners worldwide. With Sophos’ unique ability to threat hunt, respond to and remediate attacks within multi-vendor environments, the retainer is available to non-Sophos customers, in addition to customers already using Sophos’ robust portfolio of innovative endpoint, network, email, and other security products, or Sophos MDR Essentials. Endpoint configuration health checks and device audits are also included in the retainer for existing Sophos customers. Organizations that prefer broader services in one package can purchase Sophos MDR Complete, which automatically includes full-scale incident response.

“The Sophos incident response retainer is the perfect tool for partners to help customers take a proactive approach to improving their cyber defenses, and it will enable us to more quickly respond and take necessary immediate action in a worst-case attack scenario when every minute counts,” said Jonny Scott, vendor alliance manager at Phoenix Software. “Sophos Incident Response’s fixed-cost pricing is genius, especially considering how every attack scenario is different and how quickly costs can rack up. The sheer breadth of resources included with the retainer – from scanning for vulnerabilities to patch and prevent breaches, to having a team of experts on standby 24/7 ready to battle head-to-head with adversaries – make it an absolute must have.”

Continue Reading