I have received 2 texts in 2days telling me I have voicemails from very strange sources. My phone has not rung and there’s no missed calls. I have not clickable on either as I’m too scared. So I have no idea what would happen if I did! Can anyone tell me what is going on?
Perhaps you could post here what one says. Someone may have seen something like it.
Usually if you have voicemail there will be a number specific to your provider to call to access it.
Thank you. I haven’t listened as I am too frightened what might happen if I click on the link. There’s no phone number attached to the text.
Do not click on the link!! It will lead you to a web site, not your voice mail.
This could be anything from a premium callback scam to a trojan horse scam.
It would be helpfull if you could tell us what one is, for advice.
Don’t listen or respond, just delete. We get similar messages by email as well. The text will either be:
- phishing for your phone account login credentials, other login details or personal information.
- a premium service where you may be charged a significant amount for responding.
- link to a malicious website to install malware on your phone/device.
Like any emails, texts, faxes etc (unless you know who has sent them and the information appears correct) ignore or even better delete them.
Thanks for your help about this. I received another text message today saying I had a voicemail. Again I ignored it which thanks to you seems to be the right thing to do. It’s really annoying but hopefully they’ll give up. Thanks to you and everyone else who replied.
What may be alarming in this example is that each carrier has a standard format for missed call messaging, VoiceMail alerts etc. An observation Is these include imbedded links to either redial the caller or to the VoiceMail service. Messaging in general includes web addresses rather than phone numbers.
How closely can a scammer spoof the missed call and VoiceMail messages?
Does one need to look behind the messages sent to know if it is from the genuine carrier?
Does the Scam rely on a subtle difference in the link that is obvious if one looks carefully?
Or is it self evident assuming one does more than a casual glance at the message?
For high volume users of mobile voice services, perhaps the tap to call VoiceMail is a reflex response, driven by urgency that the missed call is one from the boss, the ATO or ones partner. It only needs to work on a small percentage to be extremely dangerous. My early early Telstra branded mobiles had a dedicated button or touch screen icon to call the VoiceMail service.
Should Telstra, Optus etc remove embedded content from their messaging, and rely on the user to manually dial the correct number?
It’s usual for messaging from retail marketing loyalty schemes through to booking confirmations for the next medical appointment to contain cryptic web links to the T&Cs through to rebooking. The common format and style of these messages ask a similar set of questions.
FYI some of the messages look like the below, none from the same number either:
(+61412602569) t4xopy You hame a missed call. Caller left you a message: https://ww.dami518.com/x…
(+61412602569) qujyd02 Missed Call: You have a missed call. Caller left you a message: http://api.cumuluswuxi2018.org/d…
I’ve reported all as scam numbers, as well as the other 8 or so that I’ve received.
I’ve been getting these as well. They are nothing like a usual voicemail so as long as you’re not someone who just clicks on anything that pops up, you’ll notice the difference. Here’s my message, pic below. It has a user name that isn’t even trying to look real and the link isn’t even trying to look like a mobile carrier. As is said above, the phone didn’t even ring.
Ive recently received missed call txt msg (although no actual missed calls) with links included. Obvz I haven’t clicked the link. Anyone know anything about a these?
You have to laugh at the spelling errors.
Perhaps theses scammers should learn English before starting.
Welcome to the Community @Damscam
Other than it is a very poorly done scam text with an obviously dodgy link to be ignored and deleted, what do you need to know?
These spelling errors appear intentional. Perhaps to get stay ahead of service provider’s automated spam catching software? Or maybe just to weed out all but the most vulnerable / gullible victims…
See below an example of what I’m receiving. I’ve received a few so far, all from different numbers and always different spelling mistakes.
“xen1f You hpve a missek call. Cqller left you a messare: LINK REDACTED”
I have been getting these incessantly and it’s gone past annoying. I have been reporting these to the ACMA via their spam/scam reporting process:
- Forward SMS or MMS spam to us on 0429 999 888. Standard message charges apply.
- Forward email spam to firstname.lastname@example.org. Don’t change the subject line or add any text. You should receive an auto-response to your email.
Hopefully this works!
The same scam text messages have also been occurring in the UK…
The links are to phishing websites deliberately set up to steal personal information. There is one report that links may take those who click on them to websites to allow installation of malware (Smishing). The malware harvests information stored on your device (personal info, banking information, credit cards etc).
NEVER CLICK ON ANY LINKS FROM UNKNOWN SENDERS. DOING SO MAY COMPROMISE YOUR DEVICE OR RESULT IN PERSONAL INFORMATION BEING HARVEST AND USED FOR IDENTITY THEFT.
They are an effective method of phishing/smishing as it plays on our curiosity or the ‘fear of missing out’ (FOMO). Hopefully when others also receive these scam messages, they do an internet search and find this thread before clicking on and succumbing to the scam.
Welcome to the Community @Juz
Unfortunately ACMA and scamwatch are designed to warn consumers rather than to take action. Regardless, most of these scammers are not traceable in a practical sense so you should have realistic expectations your reports go ‘on the list’ rather than reduces their frequency or results in prosecution. Dollars scammed are usually untraceable as well as unrecoverable although in rare instances there are reports the transfers were stopped or recovered, at least in part.
thanks for this advice - I’ve just been blocking the numbers as they come in.
The hope would be that a glut of reports of scams using a particular domain name would feed into the warning software in the client that accesses that domain. So that even if a user is tricked and does click the link, the client software would warn that the domain is a suspected known scam site and seek confirmation (or just block it outright).
Do mobile phone clients do that (yet)? I haven’t checked. You can enable that feature in your web browser on the desktop / laptop.
Unfortunately that only covers part of it. Even if the sender is known, it still might be a malicious link.
Long ago, scammers got onto the idea that, for example, if they have successfully compromised one device then their scam software should enumerate the contacts on that device and use the contacts to attempt to spread to other devices. That way, the malicious link that each subsequent target receives is from a known sender.
Answering my own question, in part: In Safari on the iPhone this function is called “Fraudulent Website Warning”. https://support.apple.com/en-au/HT210675