BSidesTLV 2024 - Gotta Catch 'Em All: Phishing, Smishing, and the birth of ScanMySMS

Описание: Speaker: Sharon Brizinov

Living in Israel and being bombarded with pesky smishing messages demanding a payment of 6.39 NIS to release a nonexistent package from post office customs is a common Israeli experience. Like many others, we initially brushed off these messages as spam and paid little attention. It wasn’t until a relative tearfully revealed she had fallen victim to the scam - and that is when we decided to take action.

In this session, we will delve into the origins of the ScanMySMS project—a platform we created to empower individuals to verify the legitimacy of the SMS they receive, all at no cost. The platform incorporates a sophisticated automation process that simulates a potential victim interacting with a phishing link. It collects key indicators to understand the malicious nature of a given URL. Additionally, we introduced a human element by developing a system for volunteers who can actively assist in classifying messages and links if the automation is unable to provide a verdict in real time.

Throughout the session, we will showcase numerous examples of phishing campaigns, particularly during the October 7th war, and reveal how we identified and thwarted their operations. Throughout the war, the ScanMySMS project, along with its dedicated volunteers, successfully detected, reported, and neutralized thousands of phishing and smishing campaigns targeting popular Israeli services such as banks, payment platforms, post offices, government websites, and more. Our message is clear: Together we stand, together we hack.