I have recently had a lot of fun taking down SMS spam / fraud / SMSishing bad guys. Based on engagement, you all seem to enjoy it, as well.

Here's a fresh one. Let me teach you how I do it, so you can too.

👇 ⬇️

#cybercrime #FightBack #Spam #Phishing #SMSishing

This is a fun one because it's #iMessage. Rare in my experience, but seems more common lately.

USPS won't randomly SMS or iMessage you. And they won't send you to some garbage .top URL.

Don't reply to troll. That only confirms you are a target and increases the resale value of your info.

Take a screenshot, and then "report junk".

Because this is iMessage, we can't take down their SMS service. I'll have to teach you that some other time.

👇 ⬇️


So let's see who their registrar is. I go directly to ICANN for this https://lookup.icann.org/en/lookup but you can use whatever service you like.

ICANN says the registrant of this URL is... adadasdadasdad. Seems legit!

They also provide contact info for the registrar. The registrar is the company the bad guys bought the URL from. International laws require them to take reports of fraud seriously. Never worked with gname.com before. Let's see...

👇 ⬇️


Armed with the registrar's abuse email, all we have to do is send a super quick and to-the-point email with proof of the bad guys using the URL.

So far I've had 100% success in getting the URLs taken down in a day or so.

I have never worked with gname before so now we wait and see.


👇 ⬇️
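
The lookup and report steps described above, as an added example that is not part of the original thread: ICANN's lookup tool is backed by RDAP, and this Python code pulls the registrar's abuse address out of an RDAP response and drafts a short report. The sample response, `example.top`, the registrar name and the contact address are constructed placeholders, and the function names are hypothetical.

```python
import json
from email.message import EmailMessage

# Constructed, trimmed RDAP response; the domain and contacts are placeholders.
SAMPLE_RDAP = json.loads("""
{"ldhName": "example.top", "entities": [
  {"roles": ["registrant"], "vcardArray": ["vcard", [["fn", {}, "text", "REDACTED"]]]},
  {"roles": ["registrar"],
   "vcardArray": ["vcard", [["fn", {}, "text", "Example Registrar Pte. Ltd."]]],
   "entities": [{"roles": ["abuse"], "vcardArray": ["vcard", [
      ["email", {}, "text", "abuse@registrar.example"]]]}]}
]}
""")

def vcard_values(entity, prop):
    """Return every value of one jCard property (e.g. 'email', 'fn')."""
    card = entity.get("vcardArray", ["vcard", []])[1]
    return [item[3] for item in card if item[0] == prop]

def registrar_abuse_contact(rdap):
    """Walk nested entities; return (registrar name, list of abuse emails)."""
    name, emails = None, []
    stack = list(rdap.get("entities", []))
    while stack:
        ent = stack.pop()
        roles = ent.get("roles", [])
        if "registrar" in roles and name is None:
            name = next(iter(vcard_values(ent, "fn")), None)
        if "abuse" in roles:
            emails += vcard_values(ent, "email")
        stack.extend(ent.get("entities", []))  # abuse contact is nested
    return name, emails

def draft_report(rdap, evidence):
    """Build a short abuse report; `evidence` is a dict the reporter fills in."""
    name, emails = registrar_abuse_contact(rdap)
    if not emails:
        raise LookupError("no abuse contact in RDAP data; use the registrar's form")
    msg = EmailMessage()
    msg["To"] = ", ".join(emails)
    msg["Subject"] = f"Phishing abuse report: {rdap['ldhName']}"
    msg.set_content(
        f"A domain registered through {name} is being used for phishing.\n"
        + "".join(f"{key}: {value}\n" for key, value in evidence.items())
        + "Screenshot of the message attached. Please suspend the domain.\n")
    return msg
```

Passing evidence such as the time the message arrived, the brand being impersonated and the defanged link gives the abuse desk the facts up front.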

While we wait... Why bother? Well, glad you asked (no one has... yet)

URLs cost money. Even for big ops they cost a few bucks each. Each time you *quickly* report abuse to the registrar resulting in suspension, the bad guys lose $.

ALSO: You are also saving "Gullible Grandma" who got this text 2 hours ago while at water aerobics and is just now clicking the URL. She gets an error vs handing over her personal information. Be a hero, fight back!


👇 ⬇️

Gname is based in Singapore & their abuse team works banker's hours. ~5 hrs til they open.

Seeing a trend. Bad guys register URL w/ a foreign entity and have free rein while security teams abroad are asleep. Meanwhile US-based targets are awake and susceptible.

I had one a few weeks ago that was registered at 6 PM Friday. Assuming hopes of criming all weekend before registrar moseyed into work to process incident.

Thankfully they were using a popular SMS solution w/ 24x7 fraud team to nuke 'em.

Gname took the lazy approach and rather than look at the site to see it was a clear phishing scam asked me to submit a report via their "official form." Which I did. So now we wait, again.

I think my email could have been more descriptive. Lesson learned for next time.

The saga continues...


👇 ⬇️

Oh, hey! This came in two days ago but I’ve been extra busy and missed the email. I don’t mind sharing the URL now since it’s dead. GNAME registration is so far the hardest to get to do their job.


@User47 I got a similar response from Alibaba. Not sure it's worth bothering with their form as I can't answer all the required questions and they probably toss out anything not submitted properly.
@User47 I will definitely be more inclined to fill out forms when I'm back on my PC with a real keyboard.
@rora_borealis I would encourage you to try. The burden of proof is supposed to be pretty low.
@User47 Maybe we need a spreadsheet of the various forms and contact methods and see what seems to work?
@rora_borealis I could absolutely get behind that
@User47 How is Alibaba about handling requests?
@rora_borealis I have no experience with them as of yet. But all registrars have to sign onto ICANN norms, so for example if gname ignores me I can escalate to ICANN and possibly gname gets corrective action.
@User47 Well, I will see how it goes.
@User47 Straight to the point. All facts. No bullshit. Such perfection in communication! No notes.
@User47 This is all good advice, JL. Would be nice to have a nice clean PDF list of all the registrars' complaint email addresses. I would certainly report any that I find.
@Av8rdan There are so, so many registrars. Best to pluck the abuse email via ICANN listing.