Don’t let SMS Spam phish you!

Sean Wragg
Sean’s Blog
Published in
2 min readAug 9, 2017


Phishing scams aren’t anything new. If you’ve lived through the early days of the interwebs, you can probably recall a couple of run-ins with a phony duplicate of your favorite website.

Most times sketchy emails with arbitrary, suspicious links can be spotted from a mile away. However, now that we’re all device connected, mobile phones have been the target of many attacks. And unfortunately, mobile apps can be less than forward about what site you’re currently viewing.

Recently, I received a random text that my Bank of America (BofA as so aptly provided in the text) account had been locked.

*Use asterisks to denote importance y0!*

To anyone with a Bank of America account, this could certainly be alarming. I however, do not possesses a BofA account… so… good game spammer?

Now if you can’t control yourself after receiving an alert like this, do yourself a favor; Go to the verified site rather than using the spammy link provided!

But to satisfy my curiosity, I decided to click the link...

Hey, that looks like Bank of America’s desktop site! Must be legit!

Certainly looks like what we’d expect from an average Bank of America site but, we still don’t know what web address we’re visiting.

Sidenote: after visiting the Bank of America site later, their mobile version looks nothing like this! Shame on this h4x0r for not viewport adapting their phishing site!

If you notice, our built-in browser doesn’t show the URL web address, just the <title> tag — which is controlled by our malicious h4x0r.

Thankfully, we can tap those 3 little dots to the right for “Open in Internet” which gives us the real address.

Unless there’s a new Brazilian branch of Bank of America owned by Anderson Ferro, don’t go entering your account credentials unless you know the site you’re visiting!

Be smart when clicking things!