Android, Verizon Message+ v6.9.13 - reporting spam.
Sorry for the length of this post but it could have been longer.
I’ve been getting the same type of spam text messages for over a year and I’ve reported almost all of them with the “Report Spam” button as explained in the FAQ:
If you are using Verizon Messages (Message+), follow the steps below to report spam:
(That works but,)
and you'll be notified that the message was reported as spam.
(That doesn’t appear to work.)
I’ve never been notified and I suspect the investigation did not begin.
Looking at my Verizon account message log, I see all of the “received” spam. I expected to see the ones I’ve reported to be flagged in some way or my reports at least noted.
This January (2020) I started taking screen-shots of the message and details of some texts.
Recently I did a little digging.
The “From” number is different in all messages and the area codes cover the range of 200’s through 900’s. Using reverse lookup I find that they might or might not be assigned to a real person so the From doesn’t help me. Oh, I just got a new one from area code 424. Same format, which is a brief message with a link at the end.
The messages could be about prizes I’ve won, packages to be delivered, energy drinks, my C-score, ways to make “Mr. Who-Ha” bigger, or similarly “luring” subjects. Some are targeted to “Michael” and even say a street address and occasionally the name of a town in the area where I live. It’s not my name or address. Searching finds an elderly person with that name who lived in my area (I didn’t know him) and the address mentioned doesn’t exist. I’ve had my phone# for over a decade and can’t find any tie between my number and that person.
The links are formatted as “http:// name . tld / resource” (spaces added) where the name is mostly random-looking characters like “nlqxwe” and “kugtfj” and so on. The top-level-domain (tld) is .casa .info .boutique .xyz and such although there were a couple with .com and .org. The resources are strings like “/pmwni7xf” and ”/5dcf1ia” etc. I won’t post the actual full URLs here.
I did a Whois on quite a few and most were from NameCheap (a few from NameSilo or Name or Uniregistrar). All had been assigned on the day of or just before the text date and are protected by WhoisGuard or other privacy providers.
I just now got another one, this from area code 312, same format. It says:
“AMEX: regarding a security concern on your account. access your account: (link)”
I don’t have an AMEX account. This domain is a .com registered at TuCows protected by Contact Privacy Inc. The message just prior to this one was a .boutique registered at NameCheap. I’ll quote that one, too:
“The strongest pain relief that you could ever use! Specialists recommended! (link)”
Using my TOR browser in a sandbox I went to a few domain addresses (not the resource). If the assignment was more than a couple of days old they went to a blank page. If they were recent, they went to a page:
(1) New Message
Clicking either link on the right went to legitimate looking documents (obviously “borrowed” from somewhere). However, right-mouse and page navigation was disabled and clicking on Back took me to another website that said “Take a Spin!” on a spin-the-wheel game screen with a message box in front that says “Looks like it’s your lucky day!” [OK]. I didn’t click OK. I did open Web Developer and looked at the source. There was a .jsm and a .css but I didn’t explore them. I did save them and the .html to a text file in case I get bored someday.
Most of the texts have a “MsgId:” that consists of a long string of characters that I’m sure means something to someone. Searching didn’t yield anything simple enough for me to understand without spending lots of learning time.
Well, I just got another text from area code 870 while I was composing this:
“Michael get a flat t0mmy in just a short while with just a cup of this before bed! (link)”
TLD is .boutique. Registered today, 2020-06-13 at NameCheap and protected by WhoisGuard. This DNS is at registrar-servers but others have varied. Cloudflare was common for a while.
I’m tired of looking this stuff up so I’ll just be hitting Report Spam and pretend like that actually does something.
Oh, just got another one from area code 615 and it looks like they have a glitch in their code:
“CCWPermit: Michael Don’t be arrested for carrying a gun in [state]. Get your perm. easy at http:///a9b843918e Stop to Stop”
Very active day today. I’m sure if I worked for the security department of a big communication company I’d have some better tools and probably a few contacts at places like NameCheap. If someone wants some actual data to chase this further down the rabbit hole let me know.
Anyway, that’s some of my story. Does it sound familiar to anyone? I wonder what “investigation” Verizon has done?
We understand spam messages can be quite bothersome, phido. Please keep in mind that while we do try to provide you with ways to avoid and block spam numbers, there is no definitive way to stop them from occurring. You can learn more ways to block them here: https://www.verizon.com/support/block-unblock-services-faqs/
The generic FAQs are helpful if one is receiving spam from a few individuals but is no help in these situations.
What I need is a way to contact someone who wishes to address the dangerous spam-text problem technically. I haven't found that contact number or email address yet. My past attempts to report spam (by the button or forwarding to 7726) haven't been fruitful.
I have gathered information about the web-links that point to various LLC's in Florida along with the names of principals. Whether they're real or fake I don't know but they've been consistent for a few years.
The latest development is that when either link is clicked on the "(1) New Message" the page tries a "Fake Browser History Injection" which my sandboxed TOR browser and AV software blocked. With my limited skills and tools I can't trace this much further, but I would hope that Verizon's tech people could, and would want to.
You're correct that there's no way to stop spam from occurring but this one spammer seems to be generating problems for more than just me. Please, please, pass this to the tech people who understand the problem. I will gladly share all of the info I have.
Verizon should know who I am and my email address is valid on my account. A phone call will go to voicemail but I will see a text or email.
I will be sure to lift this up to the appropriate party, phido. I want to thank you for the specific information and details you have provided. I assure you that we are constantly investigating new ways to protect our customers from spam calls and texts. I will be sure to include your information as well. I want to thank you for choosing Verizon Wireless, and I hope you have a great rest of your day!