GRTech
Sophos discovers SMS phishing scam that pretends to be Apple “chatbot”
BY Sandra Ani


If you think SMSes are dead, you need to have a rethink. In fact, SMS is still of big interest to businesses and cybercriminals know about this.
If you consider this report coming from Naked Security, you will understand they are still widely used because of their simplicity and convenience.
Indeed, as a general-purpose short message service – which is literally what the letters SMS stand for – it’s hard to beat, because any phone can receive text messages, from the fanciest smartphone to the cheapest pre-paid mobile.
If all you need to transmit is a 6-digit logon code or a “pizza driver now 2 minutes away” notification, SMSes still make excellent business sense.
Sadly, and as noted by Naked Security, however, what works for legitimate businesses almost always works for cybercriminals too, so there are plenty of crooks still using SMSes for phishing – an attack that’s wryly known as smishing.
You can see why SMSes work for crooks. Start a
With just 160 characters per message, it’s easy for them to avoid the grammatical and stylistic blunders that they often make when they’re forced to produce longer-format email messages in a language they don’t speak well.
Better yet, business SMSes generally use URL shorteners to save space, giving the criminals an excuse to do the same.
URL shorteners convert lengthy but meaningful web addresses such as https://brandname.example.com/pizza-order.html?lang=en-US into a compressed but cryptic format such as https://xx.test/ABXt that frees up characters for the rest of the SMS, but disguises where the link is going to end up.
Hovering over a shortened link doesn’t help because the link denotes the actual website you’ll visit.
The link shortening site uses the characters after the website name (ABXt in our made-up example above) as an index to look up the real destination and then sends an HTTP 301 Moved Permanently reply to tell your browser where to go next. You need to click through to the shortening site first before you find out where you are supposed to end up.
The SMS system, of course, doesn’t know anything about URLs or even about the internet – but it doesn’t need to.
Your phone’s operating system will happily recognise when the text in an SMS looks like a URL and automatically make it clickable for you.
So, when the crooks use shortened URLs in their smishing scams, they don’t look unusual or out of place, even though the crooks are doing it specifically to be treacherous and not to save space.
As a result, text messages that contain one short, clipped sentence that wouldn’t look right in an email, and that contain deliberately disguised links that we might be suspicious of anywhere else…
…look surprisingly natural when they show up in an SMS.
Like this one we received earlier this week. (We’re not called Christopher and we don’t live in Derry, which is in Northern Ireland. The incomplete address given is a genuine suburban street, presumably plucked from a map to make it seem realistic.)

Source: Naked Security
Dear Christopher, we have your packet in queue. Address: Londonderry, Ballynagard crescent
http COLON SLASH SLASH xxxxxxxx DOT com SLASH zzzzzzz
The message is meant to look as though it was sent to the wrong number, so the crooks are relying on you being intrigued enough to click through, whereupon they use some sneaky “reverse authentication” psychology to lure you in further.
The scam first shows you some cheery messages from a fake Apple chatbot to tell you why you – actually, to tell you why Christopher – had enough luck to be chosen to take part in an iPhone 12 trial, and then it invites you – actually, it invites Christopher – to join in:

Source: Naked Security
Here, the link looks genuine, but the blue characters are simply the clickable text of the link, not the URL that is the destination of the link.
At this point, you’re no longer in the SMS messaging app but have clicked through into your browser, so you can see where the fake link leads if you hover your mouse over it. (On a phone, tap-and-hold on the link until the destination pops up.)
But if you aren’t cautious, you might wonder whether “Christopher” really was part of some Apple pre-release group.
What if you claim Christopher’s promo for yourself?
In fact, what’s stopping you from simply clicking through as if you were Christopher and finding out for yourself?
Well, one thing is stopping you, namely that you have to “prove” yourself by by giving your full name and address – except, of course, that the crooks helpfully leaked that information to you in the original text, making the “test” easy to pass.
You can guess what happens next:

Source: Naked Security
In case you’re wondering, the name-and-address answers above in part 3/5 don’t matter a jot. We tried clicking numerous different combinations and, unsurprisingly, the crooks let us through anyway. The questions are there just to provide a plausible connection back to the SMS that was meant for “Christopher” but that reached you instead. It’s as though the criminals are trying to “authenticate” themselves to you, rather than the other way around.
As you see above, if you do click through the questions then you end up on a scam site (there were several variations, all similar – we tried the smish repeatedly) where you find there’s a courier delivery charge for the “free” phone, typically between £1 and £2.
Then you end up on a credit card payment form that’s hosted on what looks like a “special offers” website with a believable enough name, and with an HTTPS security padlock if you take the time to look.
Of course, if you try to pay your modest delivery charge, you are simply handing over your personal data to the crooks, including your full card number and security code:

Source: Naked Security
How bad is this?
Is this really a big deal, given that most of us would back ourselves to spot this as a scam right from the start?
Yes, it is.
Many of us have friends or family – perhaps even an at-risk relative who has been scammed before – who wouldn’t be so sure, and for whom the reverse authentication trick of asking for “Christopher’s” name and address might be convincing enough to draw them in further.
And friends don’t let friends get scammed, so if ever you get asked by someone who relies on you for cybersecurity help, “So what would happen if I clicked through?”…
…you can show them the short video above and let them see how these scams play out – without having to click through yourself.
What to do?
The article recommends that:
1. There is no free phone
And if there were a free phone, you wouldn’t have to hand over your credit card details and pay £1 for it. You’re not getting something for nothing – you’re handing over something for nothing, and the crooks will use it against you. If you’re in any doubt, don’t give it out.
2. Keep your eyes open for clues
The crooks have made numerous spelling and visual blunders in this scam. We’re not going to help them by listing them all like your English Language teacher would have done at school, but there are quite a few things that just don’t look right, even if you assume that there really is a free phone at the end of this. You might not always notice every clue, but always give yourself the time to look and therefore the best chance to catch out the crooks.
3. Look at the link before you click
If anything looks wrong, it IS wrong. Even if the crooks don’t make any spelling or grammatical mistakes they almost always need to lead you to a website that they control.
Often, that means a bogus link that you ought to spot if you take your time. Never let yourself get rushed into clicking through, no matter how much the crooks play on your fear of missing out.
4. Consider a web filter
Network web filtering on your business network isn’t about surveillance, it’s about online safety. This helps you keep the bad stuff out, and helps your users keep the good stuff in, such as passwords and payment card numbers. Setting up a corporate VPN (virtual private network) means that users at home can browse securely back through the office network and enjoy the same protection that’t they’d have on the LAN at work.
[NB: The article was first published for Sophos by Naked Security]
GRTech
Identity Management Day: Sophos Warns Against Data Breaches Linked to Identity Theft
REPORTER: Sandra Ani


79% of data breaches are linked to identity theft and cost businesses an average of $4.5 million, according to reports from the Identity Defined Security Alliance (IDSA) and the Ponemon Institute.
Additionally, the 2025 edition of the Sophos Active Adversary Report reveals that the average time between the start of an attack and data exfiltration is only 72.98 hours (3.04 days), while the average time between exfiltration and attack detection is just 2.7 hours.
Cyberattacks are becoming increasingly fast, and the longer a compromised identity remains active, the greater the potential damage.
In light of this, Sophos, one of the world’s leading providers of innovative security solutions designed to neutralize cyberattacks, is taking advantage of Identity Management Day, which takes place on Tuesday, April 8, 2025, to remind businesses of the best practices they should follow to manage and secure digital identities.
Cybercriminals can use a compromised identity to access confidential information, steal data, move laterally within the organization, and launch further attacks.
It is therefore crucial to take immediate action to contain breaches and minimize their consequences.
In this context, automation plays a key role by enabling organizations to respond quickly and effectively to identity-related threats.
Five Automated Measures to Protect Against Identity Theft
1. Disable the User
When an identity breach is detected, one of the first steps is to disable the compromised user account. By preventing the attacker from using the stolen identity to access company systems and data, this measure outpaces the hacker and helps contain the breach.
Automation significantly speeds up this process. With automated response tools, businesses can quickly identify compromised accounts and disable them in real-time. This reduces the attack window and minimizes potential damage.
2. Force Password Reset
Passwords are often the first line of defense against unauthorized access attempts. In the event of an identity breach, it is essential to immediately force a password reset for the compromised account to prevent hackers from using stolen credentials.
Automated rules can be set up to trigger an instant password reset as soon as a breach is detected. This saves time and ensures that the reset process is initiated without delay, reducing the risk of further unauthorized access attempts.
3. Force Multi-Factor Authentication (MFA) Reset
Multi-factor authentication (MFA) adds an extra layer of security by requiring users to enter a verification code in addition to their password. If an identity breach occurs, it is crucial to reset MFA for the compromised account. This means that the user will have to re-authenticate using their MFA tool, which automatically invalidates any stolen authentication tokens the attacker may have acquired.
Automated rules can trigger the refresh of MFA tokens, ensuring that compromised accounts are quickly reauthenticated. This prevents cybercriminals from using stolen authentication tokens to access company systems.
4. Lock the Account
Locking a compromised account prevents hackers from attempting to use it until the issue is resolved. This also gives the organization time to investigate the breach and apply the necessary corrective measures.
Automation streamlines the account locking process, allowing businesses to lock compromised accounts as soon as a breach is detected. This immediate response helps contain the breach and blocks further unauthorized access attempts.
5. Revoke Active Sessions
In addition to disabling the user account and forcing a password reset, it is essential to revoke all active sessions associated with the compromised identity. This ensures that the attacker is immediately logged out of all systems they accessed using stolen credentials.
Automated actions can be configured to revoke active sessions in real-time, instantly disrupting any unauthorized access. This is a critical measure to neutralize the breach and prevent further malicious activity.
For more information, please visit: https://www.secureworks.com/blog/5-critical-response-actions-for-an-identity-breach
GRTech
Samsung Expands Accessibility with Local Language Integration on Galaxy S25, A56, A36, and A26 Devices
By SANDRA ANI


Samsung Electronics has taken a bold step in enhancing user experience and inclusivity by introducing Hausa, Igbo, and Yoruba as official language options on selected Samsung Galaxy devices.
The feature, which is now available on the Galaxy S25, A56, A36, and A26 devices, reaffirms Samsung’s commitment to delivering innovative technology that speaks the language of its users.
With this groundbreaking update, Samsung users across Nigeria can now navigate their smartphones in their preferred local language, making technology more accessible, while also upholding our cultural heritage.
A Celebration of Culture and Technology
To mark the launch, Samsung hosted a cultural-themed press briefing featuring traditional music, local cuisine, and a showcase of the new language feature. Employees and guests attended in traditional Yoruba, Igbo, and Hausa attires, celebrating Nigeria’s rich cultural diversity.
Samsung also announced plans to expand local language support to more devices in the near future, reinforcing its dedication to making technology more inclusive for African users.
Empowering Users Through Language
The integration of Hausa, Igbo and Yoruba on Samsung devices reflects the brand’s mission to bridge the digital gap and enhance user engagement. Speaking at the press conference, Oge Maduagwu, Head of Marketing, Samsung Electronics West Africa, said, “At Samsung, we understand that technology is most powerful when it is accessible to all. By incorporating our local Nigerian languages, we are making our devices more intuitive and relatable, ensuring that millions of Nigerians can interact with their smartphones in the language they love and understand best”.
Seamless Language Transition on Galaxy Devices
Stephen Okwara, Head of Product Management, Samsung Electronics West Africa added, “The new local language feature is designed to deliver a seamless user experience, allowing customers to easily switch between languages. Users can activate Hausa, Igbo, or Yoruba on the Galaxy S25, A26, A36, and A56 by navigating to:
Settings > Language & Input > Select Language
“This update enhances smartphone usability, particularly for those who prefer their native language over English, ensuring greater digital inclusivity, enhancing digital literacy and encouraging more users to engage with technology in their native tongues”, he concluded.
Availability
Customers can visit all Samsung Experience Stores or authorized retailers in Nigeria to learn more and experience the feature firsthand.
TechNews
NITDA DG Inaugurates National Technical Working Group on Cloud Infrastructure
REPORTER: Sandra Ani


In a significant move to bolster Nigeria’s digital infrastructure, the National Information Technology Development Agency (NITDA) has inaugurated the Technical Working Group (TWG) on National Cloud Infrastructure.
This initiative aims to enhance local cloud capabilities, attract hyper-scale investments, and position Nigeria as a leading technology hub in Africa.
Speaking at the inauguration, NITDA’s Director-General, Kashifu Inuwa, CCIE, emphasised the need for accurate data and regulatory frameworks to support these initiatives, necessary for Nigeria to control its digital infrastructure, data, and technological future noting that,
“Without this foundation, we cannot achieve true digital sovereignty. Our goal is to build an ecosystem where both local data centre providers can scale, and global hyper-scalers see Nigeria as a viable investment destination.”
While identifying lack of accurate data on Nigeria’s IT infrastructure as significant challenge, Inuwa noted that while Africa comprises nearly 19% of the world’s population, it hosts less than 1% of global data centres.
“This disparity, coupled with limited insights into Nigeria’s existing IT capacity, hampers investment efforts and without clear data on our infrastructure, attracting investment becomes challenging,” he said.
The NITDA boss maintained that, to address this, NITDA commissioned comprehensive research to assess Nigeria’s digital landscape which findings have highlighted the need for improved regulatory frameworks, clearer investment incentives, and stronger public-private collaboration. He added that subsequently upon this, NITDA has engaged global consultants to redefine strategies for cloud development.
As the TWG embarks on its mission, NITDA urges industry experts, policymakers, and stakeholders to contribute their expertise and resources. “With collective effort, Nigeria can emerge as the premier digital hub for West and Central Africa,” Inuwa concluded.
While corroborating the Director General’s point of views, Acting Director of Regulation and Compliance, Barrister Emmanuel Edet, underscored the importance of regulatory intervention in fostering a robust digital economy.
“Our objective is to establish policies and legal frameworks that support cloud development, enabling us to securely host and manage our data. This is crucial for the growth of our digital economy, he said.”
He also highlights the necessity of capacity building, stating that, “Equipping ourselves with top-tier training and expertise is essential to fully leverage digital technologies.” Barrister Edet called on all stakeholders to actively participate in shaping Nigeria’s digital future.
“Collaboratively, we must develop a framework that reflects our national interests, and it should be widely accepted. This effort will define Nigeria’s role in the global digital arena, he observed.
The TWG will help in the drive to attract hyperscale investments and enhance local cloud capabilities by proffering measures to encourage the use of accurate data, recommend the enactment and compliance to enabling policies.
Members of the TWG which includes Google, AWS, IBM, Oracle, Microsoft, HUAWEI Cloud, Equinix, Kasi, Rack Centre, Africa Data Centres, several other data centre operators and the Nigeria Data Protection Commission expressed support and readiness to volunteer and contribute resources.
-
Finance4 days ago
PAFON 2.0: Experts Highlight Ingredients for Accelerated Financial Inclusion in Nigeria
-
Spotlight5 days ago
“Jesus + Nothing Worship” Leaves Lasting Impact, Amplifying the Message of Christ’s Sacrifice and Resurrection
-
News5 days ago
Emulate Christ’s virtues, Glo urges Christians at Easter