This week, a widespread hacking incident compromised a mobile text messaging service, resulting in approximately 166,000 New Yorkers receiving fraudulent text messages. The breach targeted Mobile Commons, a platform used by state government entities, charities, and activist groups, including New York state, Catholic Relief Services, and Fight for a Union.
The Breach and Its Impact
On the evening of November 10th, an unauthorized party gained access to Mobile Commons’ systems, likely through a phishing or social engineering attack. The intrusion lasted for four hours before being detected and shut down. During this period, hackers weaponized the platform to send scam texts to subscribers who had opted-in for updates from the compromised organizations.
The fraudulent messages prompted recipients to call a toll-free number, falsely claiming a declined bank transaction involving a substantial sum of money. The goal was to trick individuals into believing the text was legitimate and then persuade them to complete a real transaction to “fix” the issue, ultimately diverting funds to the scammers.
Rising Scam Trends
This incident underscores the escalating threat of text message scams. Recent months have seen a surge in fraudulent messages impersonating package deliveries, banks, and even government agencies. These scams exploit trust and urgency to manipulate victims into revealing personal or financial information.
The fact that a state-level messaging system was breached highlights the vulnerability of even established platforms. This attack serves as a stark reminder that no entity is immune to cyber threats.
What We Know and What Remains Unknown
Mobile Commons has stated that user data was not accessed during the breach. However, the company has not disclosed the exact number of subscribers who received the scam texts. It remains unclear how many individuals fell victim to the scam and suffered financial losses.
Protecting Yourself from Text Scams
The safest course of action is to avoid interacting with suspicious text messages, especially those claiming to be from financial institutions. Never click on links or call numbers provided in unsolicited texts. Instead, contact your bank or credit company directly via their official channels to verify any alleged transactions or issues.
This incident reinforces the need for vigilance and skepticism when dealing with unsolicited communications, particularly in the digital realm. The best defense against text scams is to remain informed and cautious, and to verify any suspicious requests through official channels
