SBrown 4 Posted August 28 Share Posted August 28 Hi everyone, I recently received a suspicious SMS from an international number, asking me to redeem some points before a certain deadline. The message included a link that seemingly leads to the official Google website. However, upon closer inspection, I noticed that the link actually redirects through another domain before landing on Google. To investigate further, I tested the link in Browserling, and it didn't request any personal information or prompt for any actions. I've attached screenshots of the SMS and the VirusTotal analysis of the link. Although the link ends up on Google, I'm concerned that this could be part of a scam or even a potential exploit. I'm seeking the community's and ESET's help to figure out what's going on here. Could this be an exploit or some other malicious activity? Any insights would be greatly appreciated! Thanks in advance! Virustotal links: https://www.virustotal.com/gui/url/c5a65a6d42627d82ecdb226aff45231d36d694e1455bef610f30ffa30fb33641/details,https://www.virustotal.com/gui/url/710e5274b9d9e5499caac1e0ed6dd17a33e759ac75c1ed627a2d71b95f9d3bdd/details Quote Link to comment Share on other sites More sharing options...
itman 1,756 Posted August 28 Share Posted August 28 Most likely it was this: https://datcp.wi.gov/Documents/IntlPhoneNumberScam201.pdf . Quote Link to comment Share on other sites More sharing options...
SBrown 4 Posted August 28 Author Share Posted August 28 24 minutes ago, itman said: Most likely it was this: https://datcp.wi.gov/Documents/IntlPhoneNumberScam201.pdf . I understand that, but what I don't understand is why they would send me a link claiming to be a Hungarian ISP and telephone service provider, while the link only redirects to another link and then to the real google.com. That's why I'm asking for the help of the community and ESET employees. Quote Link to comment Share on other sites More sharing options...
Solution itman 1,756 Posted August 28 Solution Share Posted August 28 (edited) Review latest VirusTotal scan: https://www.virustotal.com/gui/url/c5a65a6d42627d82ecdb226aff45231d36d694e1455bef610f30ffa30fb33641/detection . Eset now detects the redirect URL as malicious. Edited August 28 by itman Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.