Phishing Phone Number

I received a text message with a link to a site where I was asked to enter my phone number to continue. Without thinking too much I entered it, I received an OTP and I entered that too, after which the site asked nothing else. Am I risking anything by doing this and not entering more information?

Hi:

It sounds as if you fell victim to a "smishing" attack:

https://www.fcc.gov/avoid-temptation-smishing-scams

https://usa.kaspersky.com/resource-center/threats/what-is-smishing-and-how-to-defend-against-it
(For INFO ONLY)

What kind of site did it take you to? What kind of information was entered on that site, and why did you proceed when you didn't initiate the request?

it was a site for an old debit card that I no longer have. the message simply said that there was a situation to resolve and to proceed on the link. Since I didn't remember much about the card and the site, it seemed legitimate to me and since they only asked me for the phone number, I didn't think too much about it. after entering it, I received a confirmation code and I entered it on the site. the site then said to wait as an operator would contact me shortly but no one contacted me.

it's strange because they didn't ask me for any other information so I thought of two options: either they just wanted the number (and for this reason I wanted to understand the risks it would lead to) or they wanted to ask me something else but the site was actually buggy

But did you initiate such an action? If it was for an old debit card you didn't remember why did you proceed? I woukd have called the bank.

no I simply received a message, then I had already had similar problems with this bank and it didn't seem so strange to me, then from the moment I had to just enter the number I didn't think about it. Am I risking anything by wearing it? (besides spam)

I personally wouldn't have followed the link, and I would have called the bank directly to very the issue.

Did you read this?
https://www.fcc.gov/avoid-temptation-smishing-scams

If you scroll to the bottom, it provides advice for what to do, including filing complaints with the FTC & FCC, and contacting law enforcement.

Alas, I don't know what else we here at BC can do, as the scammers now have at least your mobile number, plus any other info they were given. :-(

I only gave the phone number (which they already had since the message arrived as a text message), I was simply wondering if I was risking something by providing only that

By replying, you basically confirmed your phone number for the scammers.
The potential consequences of having done so are explained in the links I provided.

If I were in your shoes, I would file the reports & contact law enforcement.
There's no guarantee anything tangible will result, but it's better than nothing.

I suppose you'll be less likely to fall for a similar scam next time.
But you're certainly not alone.

Good luck. :-)

Additionally: right now these scammers consider you as a gullible person, easily decieved ; beware of any strange communications, they may not even be (supposedly) from these persons, but made to look like a different source. Thousands of people a month are taken advantage of in this country alone.

I'd also change your phone number

I would change passwords for accounts that you may reuse passwords.  I would check your email accounts to see if there are any unexpected logins. In general, I would enable 2FA everywhere.

 

They have your phone number.  The OTP could have been sent from legitimate services to confirm the control of your phone number.  Large techs probably would have included a warning, but smaller/questionable tech company might not.

 

The least damages are like other people say: confirmation about your phone number and your habits that you might want to be careful with.  The next, would probably be they were able to create an account using your phone number, making it riskier for your identity.  The worst is they can grab control of one of your accounts, with email accounts being the worst because of the potential in acquiring access to other accounts.

Edited by Dill2046, 26 March 2024 - 09:31 PM.

I understand, but the OTP code I received comes from a number which I later checked was a spam number, so it doesn't come from other services. For example, if they had used my number to access one of my accounts, shouldn't the OTP code have come from a number of that service?