Wireless carrier Verizon on Wednesday blamed “bad actors” for thousands of spam text messages recently received by its customers and said it was working with federal law enforcement agencies to try to identify the source.
The telecom giant confirmed in a statement on Wednesday that its customers had been targeted by the rogue texts offering them a free gift, reported Monday by The Verge, a technology news website. Some users had reported being redirected to Russian state media sites when they clicked on links in the texts, but Verizon treated the texts as a more typical phishing scheme aimed at defrauding consumers.
“As part of a recent fraud plan, attackers have sent text messages to some Verizon customers that appear to come from the customer’s own number,” the statement said. “Our company has significantly curtailed this current activity, but virtually all wireless carriers have experienced similar fraudulent activity in recent months.”
The settlement signaled a steady increase in complaints filed with the federal government by consumers claiming to be victims of spam text messages.
In response to follow-up questions on Wednesday, a Verizon spokesperson said the company believed several thousand of its customers had received the texts as part of a broader plan affecting major wireless carriers.
The spokesperson, Rich Young, said Verizon had blocked one of the numbers that sent some messages, but the source continued to use other numbers to spam customers.
According to Mr. Young, there was no indication that the reports came from Russia, which is suspected of carrying out cyber attacks during its ongoing invasion of Ukraine.
According to Verizon, it worked with the FBI and the US Secret Service to identify the source of the texts, which enticed recipients to click on a link that offered them a free gift. Security experts generally advise against clicking on links sent from strange or unrecognized accounts.
The intent of the fraudulent requests is to get people to enter their credit card information, Mr. young. By clicking the link, those customers’ cell phones likely would not have been exposed to malware, he added.
The FBI declined to comment Wednesday. The US Secret Service did not immediately respond to requests for comment.
T-Mobile said in an email on Wednesday that it had found no evidence that its customers received the text messages, but that it has added known links identified as part of the fraud plan to its spam-blocking filters.
AT&T did not respond to a question from The New York Times.
In 2021, the Federal Trade Commission said it had received 377,840 reports of fraud resulting from text messages, with losses totaling $131 million. The average amount lost was $900, according to the committee.
Cell phone users can report suspicious text messages by copying and forwarding messages to the number 7726, which spells SPAM, a reporting service created by the GSMA, a wireless consortium of which Verizon is a member.
Most smartphones include features to block unwanted calls and text messages. To keep telemarketers and other attorneys out, consumers can also add their numbers to a federal do not call registry.
But those barriers haven’t stopped fraudsters from enticing mobile users to hand over financial information and other personal data with offers that include free gifts. Some fraudulent texts invite recipients to click links with tracking updates for fictitious shipments.
Suspicious text messages should be treated with the same heightened vigilance as suspicious emails, a cybersecurity expert said Wednesday.
“Don’t click on the links, especially if something isn’t right,” said Tim Weber, director of security services for ADNET Technologies in Farmington, Connecticut. “At first glance, they look like phishing emails.”
Mr Weber advised people to use built-in security features on smartphones to avoid being compromised, including biometric locks — those with fingerprints or facial recognition — and two-factor authentication.
