• Traegs@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    ·
    1 year ago

    I’ve gotten 8 of these texts in the last 9 days. Every single one has a different URL. Out of curiosity I clicked on one of the links and chrome detected Chinese on the page but I couldn’t see it anywhere.

      • chicken@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Shouldn’t be that risky, browser exploits are rare nowadays. They’ll get your IP but there isn’t much a scammer can do with that especially if it’s a mobile data IP.

          • chicken@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            How would they do that? The url in the OP is just a short domain, it doesn’t have a tracking code. They aren’t going to register individual domains for every potential mark.

            • Rivalarrival@lemmy.today
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              1 year ago

              I can think of at least 2 ways to make it useful.

              First, you’re most likely to click the link within a few seconds or minutes of receiving it. So, you send out the link to one number, and wait 5 minutes before sending it to another number. If you get a hit on that domain, there is a very good chance it was the last number that converted into a click. You’ll get some false positives conversions, yes. But at the end of your campaign, you have a very good list of people known to quickly click through.

              Second, you don’t necessarily need a 1-to-1 correlation. You might just be trying to refine your target lists to find the numbers most likely to convert.

              Say you have a large list of numbers to check for gullibility. You set them into groups of 100, and send all 100 to the same domain. Every time someone clicks through, you increase the rating of everyone in the group. So, 1 person in your first group clicks through, everyone in the group gets “1” added to their rating. 99 will be false positives, but this group is infinitely more valuable to you than a group of zeroes.

              Repeat with a second group and a new domain: 20% click through, everyone in this group gets “20” added to their rating. This list is 20 times more valuable than the first, even though 80% of them are a false positive.

              Once you’ve gone through your entire list, drop all the zeroes, subtract 1 from every score, rinse and repeat.

              After just a few repetitions, you have a high quality list, very rich in potential targets.

              • chicken@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                1 year ago

                I don’t think the timing attack method would work very well since they probably have thousands of numbers to go through. The other one, I guess, but it seems like a lot of effort to find out who is slightly more likely to click things when they could have included a tracking code instead (or, like what they did, requested a reply text in addition to going to the link). I think it probably isn’t that risky to just look at the website.

          • icedterminal@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            RCS chat at the top already proved the number is real to the spammer who sent it. Otherwise, RCS straight up fails with a client side message it can’t be sent/delivered. In which case the client would retry as a basic text on prompt.

        • LinkOpensChest.wavOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Didn’t all major browsers recently push an urgent update due to a browser exploit?

          • chicken@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Probably, but my understanding is that knowledge of exploits pre-patch is very valuable and difficult to come by, and the more systems the hack is used on the faster it gets patched. For that reason these are only really used in high value and targeted attacks, and not so much broad net phishing campaigns.