NEWS FROM THE LAB - Thursday, April 19, 2007

SMS phishing on the rise in SE Asia? Posted by Esz @ 09:30 GMT

It seems that SMS phishing scams have come closer to home. As it turns out, apparently lots of people here in our Kuala Lumpur office received similar text messages during the week.

Below is the message that we received on our mobile phones:

SMS Phishing

"Announcement from PETRONAS MLSY. CONGRATULATIONS your phone number has won a prize of RM 11000. (About US$3,200) Please contact the following number at 0062858853982xx tomorrow morning at 8.00am. Thank you".

The SMS message was received at 12:15am on 16/4/2007. This looks pretty odd – why would Petronas Malaysiam, a national Oil and Gas company in Malaysia, want to send an SMS at this time?

From the phone numbers that we got from the SMS, we know that they belong to the Indonesian mobile network Indosat and therefore the phisher is located somewhere in Indonesia. This was further confirmed when the phisher spoke to us in Malay with a clearly Indonesian accent.

Apparently, this is not the first time these numbers have been used in a SMS phishing attack – the first reported attack using this number was on the 23rd of March 2007.

We decided to call the listed number and play along with the phisher to find out more about the phishing scheme. The original conversation was in the Malay language. Here is a translated transcript:

   Phisher: Hello.
   Us: Hello.
   Phisher: What is your name?
   Us: My name is Devinder.
   Phisher: What's your phone number?
   Us: My number is xxxxxxx.
   Phisher: Congratulations, we have chosen your number to win RM 11000.
   What is your bank account number?

(Line got disconnected at this point.)
(Next call.)

   Phisher: Hello Mr.Devinder?
   Us: The line was disconnected just now…
   Phisher: In order for us to transfer the RM 11000, we need your bank account number.
   Us: I am using Maybank.
   Phisher: Do you have an account in any other bank other than Maybank?
   Us: I have Maybank only.
   Phisher: You can't use Maybank because we have another winner who is using Maybank.
   You need to have an account in one of these banks – RHB, Affin Bank, Bank Simpanan Nasional, Eon Bank and Public Bank.
   Us: I have an account in Bank Simpanan too.
   Phisher: Do you have an ATM card? We will not be able to give you the money if you don't have an ATM card.
   Do you have any friend who has an ATM card for an account in any of the [mentioned] banks?
   Us: Yes, my friend has a Giro ATM from Bank Simpanan and we can give you the number. The number is xxxx.
   Phisher: Is this the number on the card?
   Us: Yes
   Phisher: Is it an ATM card?
   Us: Yes it is an ATM card.
   Phisher: How much money do you have in that account?
   Us: I have around one thousand Ringgit.
   Phisher: Now go and check your balance from an ATM machine.
   It will be RM 12000 now.
   Us: How are you going to send the money? Are you going to send a check?
   Phisher: I am going to send a check to you. Please go to the ATM machine to insert the check in the ATM machine.
   Us: What is your name?
   Phisher: Mohammed Paisol.
   Phisher: Go to the ATM machine now and call us from there.
   Us: Ok. I will do that. Bye

(After a short time we tried calling again.)

   Us: I am now at the ATM machine now.
   Phisher: What is your name?
   Us: Devinder.
   Phisher: Why did you call again?
   Us: Because just now you told me to go to the ATM machine.
   Phisher: So are you at the ATM now?
   Us: Yes.
   Phisher: Are you familiar with the ATM machine?
   Us: Yes I'm use to using it.
   Phisher: Please put your card in.
   Us: Ok the card is in.
   Phisher: What did the display say on the screen?
   Us: The screen says to choose either English or Bahasa Melayu.
   Phisher: Please choose Bahasa Melayu.
   Us: Ok I have chosen it.
   Phisher: Key in your pin number.
   Phisher: You have to be at the ATM! I know that you are not at the ATM now!
   Us: No, I'm at the ATM now.
   Phisher: No! You are not at the ATM now!
   Us: I'm at the ATM.
   Phisher: Have you insert the card in?
   Us: Yes.
   Phisher: Take the card out!
   Us: Ok, it's out.
   Phisher: It's ok. It's obvious you don't deserve the money. Thank you!!

The phisher hung up abruptly right after that.

We are still in the process of getting the latest information on this phisher. After two days passed, we invited our PR Manager to call the phisher using a mobile phone and found out that the phisher was receiving calls from another mobile phone and was on voice mail. The voice mail box was apparently full. As a result of this we had to abort the call.

So, everyone out there, be prudent when you receive this kind of SMS on your mobile phones.

Here are the WAV files in Malay language:
Part One 2584k — Part Two 8193k — Part Three 7214k
MP3 File Format:
Part One 939k &mdash Part Two 2974k — Part Three 2619k