I’ve just received two SMS which look strange to me (in German):
Original 1 (+491636270835): Es wurde eine neue Bestellung (6-char code) auf Lieferando.de gesendet. Informationen: http://www.basishotel.com/track/?(12-char code)
Original 2 (+4915734662612): Ihre AO Bestellung wird von unserem Logistikpartner geliefert. Zu Ihrer Sendungsverfolgung: http://mahashivasthitaa.world/trck/?(14-char code)
Translated to English:
SMS 1: A new order (6-char code) has been sent on Lieferando.de. Information: http://www.basishotel.com/track/?(12-char code)
SMS 2: Your AO order will be delivered by our logistics partner. To track your shipment: http://mahashivasthitaa.world/trck/?(14-char code)
This looks strange to me for several reasons:
- The phone number: I have two SIM cards. One personal one, the other one is for work. Most stuff I do is over the work one. The personal one is sometimes for 2FA and e.g. in Facebook as a backup number.
- Lieferando.de would for sure not link to basishotel.com
- For the second one I don’t even know what AO could be and the website looks strange.
- http and not https
However, it’s unclear to me what they want to achieve. Are there specific vulnerabilities that come with SMS or is this just normal phishing over SMS? Could they, for example, execute code or hide something in the SMS that I cannot directly see?